Here are some excerpts:
Gardner: Padmini, we heard at SAP Ariba LIVE that risk is opportunity. That stuck with me. Are the technologies really now sufficient that we can fully examine risks to such a degree that we can turn that into a significant business competitive advantage? That is to say, those who take on risk seriously, can they really have a big jump over their competitors?
Ranganathan: I come from Silicon Valley, so we have to take risks for startups to grow into big businesses, and we have seen a lot of successful entrepreneurs do that. Clearly, taking risks drives bigger opportunity.
But in this world of supplier and supply chain risk management, it’s even more important and imperative that the buyer and supplier relationships are risk-aware and risk-free. The more transparent that relationship becomes, the more opportunity for driving more business between those relationships.
That context of growing business — as well as growing the trust and the transparent relationships — in a supply chain is better managed by understanding the supplier base. Understanding the risks in the supplier base, and then converting them into opportunities, allows mitigating and solving problems jointly. By collaborating together, they form partnerships.
Gardner: Dan, it seems that what was once acceptable risk can now be significantly reduced. How do people in procurement and supply chain management know what acceptable risk is — or maybe they shouldn’t accept any risk?
Adamson: My roots are also from Silicon Valley, and I think you are absolutely right that at times you should be taking risks — but not unnecessarily. What the procurement side has struggled with — and this is from me jumping into financial institutions where they treat risk very differently through to procurement – is risk versus the price-point to avoid that risk. That’s traditionally been the big problem.
For every vendor that you on-board, you have to pay $1,000 for a due diligence report and it’s really not price-effective. But, being able to maintain and monitor that vendor on a regular basis at acceptable cost – then there’s a real risk-versus-reward benefit in there.
What we are helping to drive are a new set of technology solutions that enable a deeper level of due diligence through technology, through cognitive computing, that wasn’t previously possible at the price point that makes it cost-effective. Now it is possible to clamp down and avoid risk where necessary.
Gardner: James, as a consumer of some of these technologies, do you really feel that there has been a significant change in that value equation, that for less money output you are getting a lot less risk?
Knowing what you’re up against
Johnson: To some degree that value was always there; it was just difficult to help people see that value. Obviously tools like this will help us see that value more readily.
It used to be that in order to show the value, you actually had to do a lot of work, and it was challenging. What we are talking about here is that we can begin to boil the ocean. You can test these products, and you can do a lot of work just looking at test results.
And, it’s a lot easier to see the value because you will unearth things that you couldn’t have seen in the past.
Whereas it used to take a full-blown implementation to begin to grasp those risks, you can now just test your data and see what you find. Most people, once they have their eyes wide open, will be at least a little more fearful. But, at the same time — and this goes back to the opportunity question you asked — they will see the opportunity to actually tackle these risks. It’s not like those risks didn’t exist in the past, but now they know they are there — and they can decide to do something about it, or not.
Gardner: So rather than avoid the entire process, now you can go at the process but with more granular tools to assess your risks and then manage them properly?
Johnson: That’s right. I wouldn’t say that we should have a risk-free environment; that would cost more money than we’re willing to pay. That said, we should be more conscious of what we’re not yet willing to pay for.
Rather than just leaving the risk out there and avoiding business where you can’t access information about what you don’t know — now you’ll know something. It’s your choice to decide whether or not you want to go down the route of eliminating that risk, of living with that risk, or maybe something in between. That’s where the sweet spot is. There are probably a lot of intermediate actions that people would be taking now that are very cheap, but they haven’t even thought to do so, because they haven’t assessed where the risk is.
Gardner: Padmini, because we’re looking at a complex landscape — a supply chain, a global supply chain, with many tiers — when we have a risk solution, it seems that it’s a team sport. It requires an ecosystem approach. What has SAP Ariba done, and what is the news at SAP Ariba LIVE? Why is it important to be a team player when it comes to a fuller risk reduction opportunity?
Ranganathan: You said it right. The risk domain world is large, and it is specialized. The language that the compliance people use in the risk world is somewhat similar to the language that the lawyers use, but very different from the language that the information technology (IT) security and information security risk teams use.
The reason you can’t see many of the risks is partly because the data, the information, and the fragmentation have been too broad, too wide. It’s also because the type of risks, and the people who deal with these risks, are also scattered across the organization.
So a platform that supports bringing all of this together is number one. Second, the platform must support the end-to-end process of managing those supply chain relationships, and managing the full supply chain and gain the transparency across it. That’s where SAP Ariba has headed with Direct Materials Sourcing and with getting more into supply chain collaboration. That’s what you heard at SAP Ariba LIVE.
We all understand that supply chain much better when we are in SAP Ariba, and then you have this ecosystem of partners and providers. You have the technology with SAP and HANA to gain the ability to mash up big data and set it in context, and to understand the patterns. We also have the open ecosystem and the open source platform to allow us to take that even wider. And last but not the least, there is the business network.
So it’s not just between one company and another company, it’s a network of companies operating together. The momentum of that collaboration allows users to say, “Okay, I am going to push for finding ethical companies to do business with,” — and then that’s really where the power of the network multiplies.
Gardner: Dan, when a company nowadays buys something in a global supply chain, they are not just buying a product — they are buying everything that’s gone on with that product, such as the legacy of that product, from cradle to PO. What is it that OutsideIQ brings to the table that helps them get a better handle on what that legacy really is?
Dig deep, reduce risk, save time
Adamson: Yes, and they are not just buying from that seller, they are buying from the seller that sold it to that seller, and so they are buying a lot of history there — and there is a lot of potential risk behind the scenes.
That’s why this previously has been a manual process, because there has been a lot of contextual work in pulling out those needles from the haystack. It required a human level of digging into context to get to those needles.
The exciting thing that we bring is a cognitive computing platform that’s trainable — and it’s been trained by FinCrime’s experts and corporate compliance experts. Increasingly, supply management experts help us know what to look for. The platform has the capability to learn about its subject, so it can go deeper. It can actually pivot on where it’s searching. If it finds a presence in Afghanistan, for example, well then that’s a potential risk in itself, but it can then go dig deeper on that.
And that level of deeper digging is something that a human really had to do before. This is the exciting revolution that’s occurring. Now we can bring back that data, it can be unstructured, it can be structured, yet we can piece it together and provide some structure that is then returned to SAP Ariba.
The great thing about the supply management risk platform or toolkit that’s being launched at SAP Ariba LIVE is that there’s another level of context on top of that. Ariba understands the relationship between the supplier and the buyer, and that’s an important context to apply as well.
How you determine risk scores on top of all of that is very critical. You need to weed out all of the noise, otherwise it would be a huge data science exercise and everyone would be spinning his or her wheels.
SAP Ariba understands the relationship between the supplier and the buyer, and that’s an important context to apply.
This is now a huge opportunity for clients like James to truly get some low-hanging fruit value, where previously it would have been literally a witch-hunt or a huge mining expedition. We are now able to achieve this higher level of value.
Gardner: James, Dan just described what others are calling investigative cognitive computing brought to bear on this supply chain risk problem. As someone who is in the business of trying to get the best tools for their organization, where do you come down on this? How important is this to you?
Johnson: It’s very important. I have done the kinds of investigations that he is talking about. For example, if I am looking at a vendor in a high-risk country, particularly a small vendor that doesn’t have an international presence that is problematic for most supplier investigations. What do I do? I will go and do some of the investigation that Dan is talking about.
Now I’m usually sitting at my desk in Chicago. I’m not going out in the world. So there is a heightened level of due-diligence that I suspect neither of us are really talking about here. With that limitation, you want to look up not only the people, you want to look up all their connections. You might have had a due-diligence form completed, but that’s an interested party giving you information, what do you do with it?
Well, I can run the risk search on more than just the entity that I’m transacting with. I am going to run it on everyone that Dan mentioned. Then I am going to look up all their LinkedIn profiles, see who they are connected to. Do any of those people show any red flags? I’d look at the bank that they use. Are there any red flags with their bank?
I can do all that work, and I can spend several hours doing all that work. As a lawyer I might dig a little deeper than someone else, but in the end, it’s human labor going into the effort.
Gardner: And that really doesn’t scale very well.
Johnson: That does not scale at all. I am not going to hire a team of lawyers for every supplier. The reality here is that now I can do some level of that time-consuming work with every supplier by using the kind of technology that Dan is talking about.
The promise of OutsideIQ technology is incredible. It is an early and quickly expanding, opportunity. It’s because of relationships like the one between SAP Ariba and OutsideIQ that I see a huge opportunity between Nielsen and SAP Ariba. We are both on the same roadmap.
Nielsen has a lot of work to do, SAP Ariba has a lot of work to do, and that work will never end, and that’s okay. We just need to be comfortable with it, and work together to build a better world.
Gardner: Tell us about Nielsen. Then secondarily, what part of your procurement, your supply chain, do you think this will impact best first?
Automatic, systematic risk management
Johnson: Nielsen is a market research company. We answer two questions: what do people watch? And what do people buy? It sounds very simple, but when you cover 90% of the world’s population, which we do – more than six billion people — you can imagine that it gets a little bit more complicated.
We house about 54 petabytes of database data. So the scale there is huge. We have 43,000 employees. It’s not a small company. You might know Nielsen for the set-top boxes in the US that tell what the ratings were overnight for the Super Bowl, for example, but it’s a lot more than that. And you can imagine, especially when you’re trying to answer what do people buy in developing countries with emerging economies? You are touching some riskier things.
In terms of what this SAP Ariba collaboration can solve for us, the first quick hit is that we will no longer have to leverage multiple separate sources of information. I can now leverage all the sources of information at one time through one interface. It is already being used to deliver information to people who are involved in the procurement chain. That’s the huge quick win.
The secondary win is from the efficiency that we get in doing that first layer of risk management. Now we can start to address that middle tier that I mentioned. We can respond to certain kinds of risk that, today, we are doing ad-hoc, but not systematically. There is that systematic change that will allow us to not only target the 100 to 200 vendors that we might prioritize — but the thousands of vendors that are somewhere in our system, too.
That’s going to revolutionize things, especially once you fold in the environmental, social and governance (ESG) work that, today, is very focused for us. If I can spread that out to the whole supply chain, that’s revolutionary. There are a lot of low-cost things that you can do if you just have the information.
So it’s not always a question of, “am I going to do good in the world and how much is it going to cost me?” It’s really a question of, “What is the good in the world that’s freely available to me, that I’m not even touching?” That’s amazing! And, that’s the kind of thing that you can go to work for, and be happy about your work, and not just do what you need to do to get a paycheck.
Gardner: It’s not just avoiding the bad things; it’s the false positives that you want to remove so that you can get the full benefit of a diverse, rich supplier network to choose from.
Johnson: Right, and today we are essentially wasting a lot of time on suspected positives that turn out to be false. We waste time on them because we go deeper with a human than we need to. Let’s let the machines go as deep as they can, and then let the humans come in to take over where we make a difference.
Gardner: Padmini, it’s interesting to me that he is now talking about making this methodological approach standardized, part of due-diligence that’s not ad-hoc, it’s not exception management. As companies make this a standard part of their supply chain evaluations, how can we make this even richer and easier to use?
Ranganathan: The first step was the data. It’s the plumbing; we have to get that right. It’s about the way you look at your master data, which is suppliers; the way you look at what you are buying, which is categories of spend; and where you are buying from, which is all the regions. So you already have the metrics segmentation of that master data, and everything else that you can do with SAP Ariba.
The next step is then the process, because it’s really not a one-size-fits-all. It cannot be a one-size-fits-all, where every supplier that you on-board you are going to ask them the same set of questions, check the box and move on.
I am going to use the print service vendor example again, which is my favorite. For marketing materials printing, you have a certain level of risk, and that’s all you need to look at. But you still want, of course, to look at them for any adverse media incidents, or whether they suddenly got on a watch-list for something, you do want to know that.
But when one of your business units begins to use them for customer-confidential data and statement printing — the level of risk shoots up. So the intensity of risk assessments and the risk audits and things that you would do with that vendor for that level of risk then has to be engineered and geared to that type of risk.
So it cannot be a one-size-fits-all; it has to go past the standard. So the standardization is not in the process; the standardization is in the way you look at risk so that you can determine how much of the process do I need to apply and I can stay in tune.
Gardner: Dan, clearly SAP Ariba and Nielsen, they want the “dials,” they want to be able to tune this in. What’s coming next, what should we expect in terms of what you can bring to the table, and other partners like yourselves, in bringing the rich, customizable inference and understanding benefits that these other organizations want?
Constructing cognitive computing by layer
Adamson: We are definitely in early days on the one hand. But on the other hand, we have seen historically many AI failures, where we fail to commercialize AI technologies. This time it’s a little different, because of the big data movement, because of the well-known use cases in machine learning that have been very successful, the pattern matching and recommending and classifying. We are using that as a backbone to build layers of cognitive computing on top of that.
And I think as Padmini said, we are providing a first layer, where it’s getting stronger and stronger. We can weed out up to 95% of the false-positives to start from, and really let the humans look at the thorny or potentially thorny issues that are left over. That’s a huge return on investment (ROI) and a timesaver by itself.
But on top of that, you can add in another layer of cognitive computing, and that might be at the workflow layer that recognizes that data and says, “Jeez, just a second here, there’s a confidentiality potential issue here, let’s treat this vendor differently and let’s go as far as plugging in a special clause into the contract.” This is, I think, where SAP Ariba is going with that. It’s building a layer of cognitive computing on top of another layer of cognitive computing.
Actually, human processes work like that, too. There is a lot of fundamental pattern recognition at the basis of our cognitive thought, and on top of that we layer on top logic. So it’s a fun time to be in this field, executing one layer at a time, and it’s an exciting approach.
You may also be interested in:
Source: SANS ISC SecNewsFeed @ May 2, 2017 at 02:09PM