Thanks so much for joining us today for our webinar Resilience Visibility Building the Ideal Strategic Risk Scorecard as part of the Everstream Analytics Supply Chain Optimization webinar series this spring. All your lines are currently muted, but please feel free to pop any questions you might have into the questions panel at the top and the top bar at any time, and we’ll get to as many as we can during the q and a session at the end of the webinar. This session’s also being recorded and we’ll send you a copy after. My name is Franziska Nothofer and I’m very excited to introduce today’s speaker, Greg Leary. He’s a senior solutions consultant based over in Boston and has a lot of deep experience in supply chain risk management solutions who will be guiding us through the session and show the everstream analytics platform in action today through a demo. And with that, I’ll hand it right over to you, Greg. Thank you.
Greg Leary:
Thank you Franzi. Hello everyone. It’s my pleasure today to walk you through the ideal strategic risk scorecard. I feel that when most people hear supply chain risk management, they often think about current threats, firefighting the issue or issues of the day. And this is true, that’s definitely part of risk management and it’s very important, but in many cases it’s too late. The event has already happened, you’ve been disrupted, but what if you could get ahead of that risk or ideally avoid it altogether? So that’s really what we’re going to be talking about today. The unsung hero of supply chain risk management, in my opinion, is strategic risk scoring. It’s like your crystal ball looking into the future, and you can extend this throughout your entire multi-tier end-to-end supply chain. It’s like the saying goes, an ounce of prevention is worth a pound of cure. So if you’re measuring cure in the terms of dollars and brand reputation, then you’re definitely in the right place.
This webinar is for you. Or if you’re a golfer in the audience, we all like to go out on the range and pound our driver because it’s a lot of fun. It goes a long ways, but in reality, we should probably be practicing our short game, what’s going to protect our score and help us lower our handicap. So whatever your analogy, whatever you’re a metaphor that works for you. Let’s dive in. So our approach to strategic risk score is a bit unique. We feel we give you a collection of external risk scores across a number of different categories to provide you an outside in perspective of risk for a particular supply chain location. And if that’s all you need, perfect, you just tell us your locations, we give you the scores and your’re good to go, but you also have the option to include your own internal risk scores.
It’s pretty common that most customers we work with, they’re already measuring their suppliers on a variety of metrics. Typically we see different groups in the same company, all measuring suppliers, but on different metrics and different systems. So we provide a framework for you to bring all that risk data together into one place with the idea being to help you identify the high risk locations in your network so that you can either work with them to mitigate the risk or maybe you have to diversify away from them if necessary. And by doing this, we expect you to be able to reduce the number of disruptions in the future by up to 74%. I mean, it makes too much sense that if you plan for a more resilient supply chain network ahead of time, that you’ll be less susceptible to disruptions in the future. And that’s what this is all about, trying to get ahead of that risk.
Speaker 2:
So we see customers using this throughout their entire supplier life cycle from onboarding new suppliers to ongoing management of them while they’re active to make sure they’re not putting you at risk to offboarding. So it helps companies make decisions on which suppliers they might need to engage with and shore up as well as making strategic sourcing decisions. I mean, if it comes down to two or more suppliers or more or less equally, and you have to make a choice and you’re likely going to take the less risky one. I know one of our customers requires their sourcing managers to increase the resiliency in their categories by 10% year over year, and they leverage our strategic risk scoring cards to do that.
So to help we provide a number of out of the box risk scores somewhere in the range of 50 different metrics. These risk scores fall into three core areas. So supply chain disruptions and sustainability, that’s kind of the top rung here. Then economic indicators that are in the middle and then climate risk at the bottom. So each of these has a defined scope or what is it? They have an update frequency. There is a resolution or level of granularity that they get to. And what these tell you that for any given location, for example, is what is the risk of a natural disaster impacting that location in the future or if the country they’re located in is likely to experience civil unrest or corruption in the future? What about climate risk for the location such as drought or extreme flooding? So all of these are meant to help you make more informed sourcing decisions to design a more resilient supply chain network.
And in addition to the scores, we also provide a default risk model that you can use as is or configure it to meet your needs. And you only have to use the scores that are important to you. It’s not required to use all of them. So you can use some in some categories, but not others. Maybe there’s entire categories that you have other sources for. It’s really up to you. So to this, you can also add your own internal risk scores to our model. So for example, things like supplier on-time delivery or product quality are pretty common things we see. We have customers that survey their suppliers on various topics such as business continuity or sustainability, and then include those scores in the model. And I will touch on our survey service a little bit later in the presentation. We also have customers with existing subscriptions to third party risk data providers that they would like to continue using.
Think of providers like a d and b or rapid ratings or an EcoVadis. So we can bring that risk data into our platform as well. And we have standard integrations to the most common third parties that our customers use. Then at each level of the model, you can define a weighting or a relative priority, and you can do this at the individual risk level, you can do it at the category level and then internal versus external. And then the combination of the external scores here that we provide, plus the internal scores that you can add to the model, determine what the overall risk score is for that supplier. And that means that you can easily identify suppliers that are higher on that risk so that you can target them for mitigation. Again, either working with them to resolve the particular threat or potentially have to move away from them.
So how it looks in the platform, and I’ll show you this in a demo a little bit later, but just to kind of orient you to this, is that on the left is the overall strategic risk score. So this is the one number that you can use to objectively compare suppliers to one another. What we see in a lot of companies is that different parts of the organization, they’re all measuring suppliers, but they have different metrics, different scales, different systems, different formats that they’re doing that in. So there is not a singular overall view of the supplier. So we provide a framework for you to be able to do that, come up with a standard methodology, a standard approach to include all of the risk data that you have on a particular supplier. So over to the right of that, you see that we have the external scores on the left, internal scores on the right.
Again, external is what we provide. Internal is what you can add. Those scores are going to be trended over time, so you can see if they’re increasing or decreasing. And then below those you see the various categories and individual risk scores that fit into those categories. And then it’s the combination of the internal risk plus the external risks that determine what the overall strategic risk score is. This might be as simple, it might be a 50 50 if you value your internal risk more than the external risks, and maybe you can weight them higher, but it’s meant to be very configurable to meet your needs. And then we do this at an individual location level, individual site level. So then we can aggregate that data up into dashboards. Look at it at a company level. Maybe you have multiple locations for the same supplier, so you want to look at a company level. You can aggregate it up to country levels, regional levels, and I can show you that in the demonstration later as well.
So in terms of external risks, as I mentioned, there’s approximately 50 different risks, maybe across 10, 10 or so different categories. And we vet these scores and the providers as part of our due diligence process to make sure that we’re finding the very best data sources from the leading firms in their fields for you. So companies like Munich, re s and p, global as well as others specializing in compliance and keeping up with the ever-changing regulatory landscape. Our clients are often asking or challenging us on new risk categories and metrics they’d like to see. And like any other feature requests that comes in, if it makes sense for the majority of our customers and we try to accommodate or at least come to a fair compromise. And when adding new risks, we’re always going to look at our existing data sources first. We don’t want to proliferate the number of vendors we have to manage, and plus we need to make sure that all of these risks are global. They provide global coverage because our clients are global. We don’t want to bombard you with hundreds and hundreds of different risk scores that you then have to handpick the ones that are relevant to you. We try to find the right balance to give you what you need while not making it overwhelming or to complex.
And we believe in full transparency, risk scoring and risk assessment should not be a black box because you are going to likely have to defend these scores with your management and your suppliers. So you need to know where the data’s coming from and how it was calculated. So each external risk in the platform that we provide has a story behind it. So all that information is readily available for you to view directly in the platform. You see that example of that on the right hand side here. You just click on the risk and then you see all of the details about it. How often is that score updated? The frequency, where is the source of it, where is it coming from, what’s the level of granularity, how detailed is it? And then the description, the methodology, and the scale for how do we determine if it’s a high, medium or low risk? So we score on a scale of one to 25, so one being low, 25 being high. So we bucket them within those high, medium, or low, but you have complete transparency to how those scores are calculated and it’s available again directly in the platform.
So that was a lot about external scores. So let’s move over to internal scores now. So internal scoring, it is really free format. So you’re able to include whatever information that you feel is relevant, any information that you feel is needed to help you risk assess your suppliers. So typically how we see customers using the internal scorecard is to represent inside knowledge. They have on a supplier information that’s not available anywhere else. It’s not in the public domain. It could be behind a paywall, but it’s specifically related to that supplier and or that supplier location. More recently, we’ve also seen people leveraging the internal scorecards to help comply with the new and emerging regulations. That’s a pretty hot topic now, and we have some examples on the next slide to give you an idea for your organization possibly. And we generally see these risks coming from one of several different places.
At a client company, they could be in an internal system or a data lake, maybe even in a spreadsheet sitting on someone’s desktop. They could come from surveying the supplier, they could come from a third party risk data provider. We can import or ingest the data from these systems, or you also have the option to edit them directly in the user interface, in which case you can just simply enter the numeric score from one to 25. Or it could also be a question that the system asks or that you have to answer something simple like is this a single source supplier? Yes or no? And if you say yes, then it’s going to get a higher risk score indicating a higher potential risk. And if you say no, it’s going to get a lower score. So it’s pretty flexible to accommodate your needs.
And we took a look across various industries and came up with what we consider to be best practice internal risk scores, and then we pre-populated them in the system for you to take advantage of and they fall in three primary categories. You can see kind of down the left hand side of the slide here, material related sustainability supplier. Probably the most common we see at most companies are supplier performance related, things like on-time delivery, product quality, some are interested in supplier capacity or maybe the criticality of the material that that supplier is providing to them. We have our own external sustainability metrics that we provide, but some customers compliment those with their own from either surveying the supplier or maybe using a third party like EcoVadis. Similar for financial health or cyber leveraging third party data that’s possible to bring into our platform. We partner with those companies and have standard integrations for the most common ones that our clients use.
But we do know that we’re going to have situations where we’re not going to have pre-populated or have these standard risk scores in there. So we’re on the right hand side. We do provide you 10 different flex fields so that you can include your own internal risk scores. So you can define what you want them to be, what category they’re in, how you want to score them. So for example, has our supplier signed our code of conduct? Do we have a penalty clause with them? Those are some examples that we’ve seen out there. And if I didn’t mention it earlier is that the use of these internal scores is completely optional. You don’t have to use them in the platform, but if you do want to, they’re there for you to take advantage of.
So I mentioned surveys several times earlier, and some people call these questionnaires or assessments, the same idea, same concept. Everstream has a survey service that customers can use and they use it for a variety of purposes. It could be a simple customer satisfaction survey, are we doing a good job? What can we do to improve kind of thing? Or maybe you’re looking to verify sub-tier suppliers that we’ve discovered using our big data and AI capabilities. That’s going to be a separate webinar. But in the context of strategic risk scoring, it’s often to find out something about the supplier that you can then use to risk score them on. So you send them a survey and then based upon how they respond to that survey is going to generate a risk score that then can become part of that internal risk scorecard that we saw earlier.
So again, common examples are do you have a business continuity plan? What is that plan? Or do you have a sustainability strategy? What is that strategy? Did you sign our supplier code of conduct? Did you agree to that? So those are all different types of topics that customers might survey their suppliers on. And we provide surveys as a complete turnkey offering in the platform, meaning that we manage all of it for you. You don’t have to learn a new system or a new tool. So how it works is starting on the left and working right here is that you can select a standard template or you can give us your questionnaire and then we’ll create that new survey template for you. You tell us who you want to send the survey to. You can define an internal risk metric. The survey is meant to feed into, if any, and then how the scoring and the weighting of the questions on the surveys work.
And then based on a survey timeline, the system can send automated reminders. So if someone hasn’t responded to the survey within two weeks of an ending, within one week of an ending, it can send an automated reminder. You have complete control over any messages that get sent the content in those emails, but we have templates that we use that you can start with. So pretty straightforward process. You have visibility as to the status of the survey at any time, who’s responded, who hasn’t. And then at the end, what do you want to do with the results? You just want to see them in a report or do they feed into a risk score within the scorecarding? And then which one? So it’s a very, very flexible and comprehensive process. So that was just a quick run through of what the scorecards are and what they do, some ideas about how you can leverage them. I’m going to flip over and just give you a quick demonstration of what they look like and the platform now. So hopefully everyone can see my screen now.
So in the platform here, you have the ability to set up different views. The idea is that different parts of the organization can all be using the same risk management platform, but you may have different views depending upon what your role is, what your responsibility is. So if you’re looking at incidents, which are disruptions, events, threats, if you’re in the logistics team, maybe you want to look at just those impacting airports and ports. If you’re into risk management team, then you want to look at all the high risk. If you’re a commodity manager, maybe you want to see the commodity risks. Cyber ESG, again, depending upon your role, you can set up your own views. So we have views for incidents, views for facilities or locations discovered or sub-tier facilities and locations, transportation lanes and shipments. For the strategic risk scorecarding, the easiest to get to is using the facilities or the locations views here.
Speaker 2:
So here again, I set up different views for different ways that I like to work in the platform. And I have one here for high strategic risk. So this is looking out across my supply chain network and saying which suppliers have the highest strategic risk scores out there that I might want to investigate? So we see a list here, I click on this guy, and you’ll notice that for each location we’ve maintained two different scores. There’s an incident score, so this is the current threat, what’s happening now, what’s about to happen in the next day in the next week. And then there’s this strategic score. What’s the likelihood that something might impact the supplier in the future? So the strategic score here is what we’ve been talking about and what we’ll focus on. So we’ll drill down, go to the strategic score here, and now you see a screen that hopefully looks familiar to the slide that we saw earlier, but just quickly recap, strategic risk scorecards, you have external risks.
These are coming from everstream. You have internal risks that you can add to the platform. External risks fall into these different categories, natural disasters, operational political violence, sociopolitical sustainability, risk to individuals and won’t hover over all of them, but you’ll notice that they also have a weighting or a percentage. So the width of the column indicates it’s relative weighting within that external risk. And then the height of the individual risk indicate it’s weighting within that category. So how you would read this is that this risk here of corruption, there’s a higher likelihood that the supplier location is going to experience corruption than it is a flash flood than it is a tropical storm. So those are how the color coating and the heat map works. You click on one of the risks here and you can see what it’s about, how it’s calculated, where it comes from.
So this one is updated on a yearly basis. It comes from Munich Re, it’s at a 250 meter level of granularity. Click on another one, customs delay. This one comes from World Bank. It’s at a country level of granularity. You see its methodology. What’s this one? Civil unrest comes from s and p Global 500 meters weekly updated. So you get the idea. Again, we want to be fully transparent what the risks are, where they’re coming from. So you have all of that available to you in the platform. And then to our external risks, you can add your internal risks. So these categories here, like performance, business continuity, cyber, you would define what these are. You would define the weighting associated with them, and then which risk scores fit into those categories. And these could come from internal systems and metrics that you’re already capturing. It could come from a third party, like a financial health score, cyber health score, sustainability score could come from a survey that you’re executing with your suppliers.
And then it’s the combination of these internal scores. Everything rolls up. So every score has a waiting, every category has a waiting. And then the combination of this internal risk plus the external risk determines this one number overall strategic risk score. So it could be a 50 50 split, could be 60 40, 80, 20. Again, it’s up to you to define those models. And also worth noting that the same location can have multiple risk models for different purposes. So you might have a, maybe this is my basic procurement risk model. Maybe I want to have a different climate risk model, a different one for CS, triple D. So if I click on my climate risk model here I see we have these is our eight different climate projection indices that we have around fire and heat precipitation. And similar to the others, you click on them, you get a description of what it is.
You can see the details of how and when it’s updated for the climate. Ones are a little bit different though because climate we’re actually projecting into the future. So we’re looking at the risk of climate for heat projection for this particular location in 20 30, 20 40 out to 2100, across four different scenarios, kind of the most optimistic scenario where everyone works together, the wealthier countries are helping the less wealthy countries. We’re moving away from fossil fuels to the more pessimistic scenarios at the top. So you get different ranges for how that’s going to project. So all of these metrics are very useful to help make decisions around sourcing and choosing which strategic suppliers that you would like to do business with. So all of this information is maintained, collected at an individual location level, and then you can aggregate those up into higher levels and the dashboards. Franzi, do a check on me on time here. I want to make sure that we leave some q and a time at the end here, but give me two minutes on this and I think we’ll be good.
Franziska Nothofer:
That’s perfect. That works
Greg Leary:
Great. So on the discovered facility dashboards, what’s interesting about this one is that here we’re not looking at just your direct material suppliers, but we’re looking at the sub tiers, so the multi-tier supply chain, so like tier twos and tier three suppliers as well. So overall what we’re saying is that your supply chain network here has an average external risk score of a seven, which is pretty good. It’s on the upper edge of a low category for us, that’s across 848 different facilities. So you can see from a country standpoint how they rate, so Canada’s at a four US is at a five, Mexico is at a nine. You can see where the individual sub tier locations are located. And then as you scroll down, you get more and more detail, the different ranges for the scores and the different categories, who the highest risk sub-tier suppliers are.
And then eventually you get down to all the very detailed data. So what we were looking at previously for an individual location, that’s where this data comes from. This is all the individual location data that we’re then aggregating up in a dashboard. So how I’ve seen companies use these is that maybe you want to look at from a final product. So the product that you’re selling to your customers, how am I risk scored across all the suppliers that provide all the components that go into that product. So you can do that. Maybe you want to look at individual tier one or direct material suppliers. Maybe you want to look at it from a country perspective, which countries have the highest risk scores for me? Or similarly from a material or product category, HS codes in this case, which ones have the highest risk scores? Probably the most common though is that I see that show me where I have a supplier that has a high risk score in a category that I might then need to do something about that I may need to work with them.
So you say, all right, select high. You see now my average score goes up dramatically to 20 and I have suppliers with high risk scores across a lot of different categories across all my major categories. I can narrow that down a little bit and say maybe I’m just looking at tsunamis specifically I’m concerned about. So you can select that and then it says, alright, now you’ve narrowed it down to the two suppliers that have a high risk score for tsunamis. You can see they’re located in Asia here, and eventually the detailed information below and any information in the dashboard you can export if you need to do some offline analysis on that. So with that, I think I’d like to take a pause and franzi if there’s any questions that have come in, happy to take those now.
Franziska Nothofer:
Perfect. Thanks so much Greg for the deep dive in the demo. We’ve had some questions come through from our audience and I’ll dive right into the first one. I know we’re almost at time. If you have to drop off, that’s not a problem. We’ll also share out the recording afterwards so you can listen to any questions come through and you can even pop your questions in the box and we’ll get back to you after the webinar. So the first one is, how have you seen customers using score cuts within their organizations?
Greg Leary:
Yeah, I’d say business continuity is probably the most obvious use case. Looking at which suppliers or putting you at risk by having them in their supply chain or by you doing business with them. Another good one is where to focus your sub tier or your interior discovery on. Most companies have hundreds if not thousands of direct suppliers. So the idea is start your sub-tier mapping on those with the highest strategic risk scores. Some of the newer compliance regulations have requirements for data that’s not in a public domain, so that’s another good use of internal scorecards. And then I think I showed it in the demo, you can also have multiple scorecards for the same supplier for different purposes within the organization. So you might have an ESG scorecard or a business continuity scorecard, one for UFLP or CS triple D. So those are probably the primary use cases that I’ve seen.
Franziska Nothofer:
Wonderful. Thank you for diving into that. Let’s cover one more. What key value have customers seen from using scorecards and everstream? Any standout examples?
Greg Leary:
Yeah, I think we had a bullet on it. Maybe one of the first slides is that we expect customers to be able to see a decrease in around 75% in disruptions over time by planning for a more resilient supply chain ahead of time. We do have customers who have been able to increase the resiliency for mission critical products by 10% year over year. We have other customers who have been able to reduce buffer stocks by around, I want to say 5% because they have more confidence in their networks to be resilient to risk. Therefore they don’t need to carry as much inventory. I feel a big one that may be harder to measure for some companies is the time that they spent to fulfill compliance regulations and identify where they have business continuity risk. Some customers have reported being able to reduce that effort on those activities by up to 90% because the scorecards automate a lot of that work that they have been manually doing to chase down, collect, collate, all those different metrics. Those are the big ones.
Franziska Nothofer:
That’s a very good example as well, especially with all those regulations popping up all over the world recently. So a lot of companies are affected by that. CS, triple D, U-F-L-P-A, you name it. So yeah, thank you for sharing some numbers on that front. We will wrap the session up shortly and any other questions that have come through, thank you for asking those. We’ll get back to you after the session. And thanks Greg for sharing the insights. That was very, very insightful. And if you have any further questions for our experts after the webinar, anything popping up, please reach out to us [email protected]. And before we wrap up today’s session, we also have some great news to share this month. Everstream Analytics has been named a leader in the Gartner Magic Quadrant for supplier risk management solutions. And the full complimentary report, including some really interesting industry insights, will be available on our website later this week. So do keep an eye out for that. And thanks again, Greg, for the presentation and demo today and for everyone who joined, and we hope to see you soon. Thank you so much.