Breaking Down the Risks: Supply shortages/constraints / Competitive alternatives

Supply will never be assured. You have to be ready for that! Let’s again begin by expounding the pounding and then give a few tips on reducing the risks.

Expounding the Pounding

In some ways, this is one of the key risks contributing to the rising cost/spend pressure risk that we discussed in our last article, because even if an organization doesn’t see it, their tier 1 (and tier 2) suppliers will!

However, it is definitely its own category as there might be a surplus of supply, but current constraints make it inaccessible. For example, in the rare earths category in particular, the majority of global supply might be from one or two countries. If those countries become inaccessible due to a sanction, border closing due to a war or geopolitical unrest, or a logistics (cost) nightmare, then you effectively have a shortage even if there are theoretically stockpiles in a warehouse waiting for someone.

Plus, you don’t just have constraints around production, you have them around logistics (how many pallets can fit in the truck, how many pallets in the container, how many containers you can have on the ship, etc.), intermediate storage, export and import (as there are quotas and limits and passing those can be costly), and so on. All of these constraints can impact your supply and cause chaos.

Reducing the Risk

The two generic answer(s) here are the same as two of the answers to the risk of rising costs in our last post. You need to ensure that you always have

  1. Alternate Supply Sources Always Active
  2. Alternative Product/Component/Material Pre-Defined

That’s it. If supply is not available from supplier A, you need to have a supplier B on retainer (low minimum contract) ready to go. If there is all of a sudden no significant source for a material (due to a disaster, border closing, or trade route interruption), then you need to have an alternate design that can use an alternate material and switch production.

Breaking Down the Risks: Rising cost/ spend pressures/inflation

This risk is as old as Procurement itself. Demand drives prices. Always has, always will. But let’s start by expounding the pounding before we give you a few tips to deal with it.

Expounding the Pounding

Costs rise. Continually. The average rate of inflation in the United States over the past hundred years is approximately 3.2%. That means that something that cost $1 in 1914 would cost approximately $33 today. Costs go up. However, costs are not static. During pandemics, wars, natural disasters, and market crashes where there are huge drops in supply and surges in demand, or vice-versa, the average rate of inflation can quintuple or more (with a recorded rate of 23.7% in June 1920). The same happened to shipping costs during the pandemic. Three thousand dollar shipping contains shot up to thirty thousand, a factor of ten.

However, it’s not just inflation, and surges, that are the issue. It’s also consumer demand. If consumer demand shrinks as costs rise, and the company, and its suppliers, are unable to reach and maintain the optimal economy of scale, costs will rise even more. (Every company has its own optimal output level where it can operate at maximum efficiency and maximize outputs relative to inputs. If output is too low, and resources are not being used at capacity during regular operating intervals, the cost per unit of product is higher than it should be. Similarly, if that peak is surpassed, then overtime will need to be added, additional equipment and lines, which can’t be kept producing at optimal levels, will need to be added and so on.)

And, of course, it is available supply. If the product requires a renewable commodity or raw material where there are limited harvests or limited mining capacity, there just won’t be the supply to meet a rapid demand surge. This will cause prices to surge even more (as sellers sell only to the highest bidders as the balance of power shifts fully to them).

Due to the rapid rise in global market uncertainty around product and material availability and cost — due in part to an increase in natural disasters and extreme weather, wars, geopolitics and trade wars — managing this balance between consumer demand, market supply, cost, and inflation is a tough equation.

Reducing the Risk

There’s no easy or truly global solution here. Every category, and product, is different. Every supply and demand market is different. Every country has its own trade rules, economic plans, and sanctions. And all of this can change overnight. A mine collapse or factory fire. A rapid drop in demand due to recession. A new sanction or 145% tariff. And so on.

However, if we break it down, there are three main risks:

A) Unexpected Supply Unavailability

Due to a natural or man-made disaster, your (primary) source gets cut off.

B) Unexpected Drop in Consumer Demand

Due to a new external market condition (recession and/or massive layoffs, more popular competing product, brand backlash, etc.), consumer demand suddenly drops.

C) Unexpected rapid cost increase due to natural or man-made events.

A pandemic, droughts in Panama, or terrorists (in the Red Sea) slow down or cut off shipping routes and escalate costs. Or a mine collapse shoots up raw material costs.

For each of these risks, there is a primary solution:

A) Dual/Tri-Sourcing

It’s critical to always have an alternate source of supply in an alternate geography that can be scaled up rapidly if the primary source of supply becomes unavailable. Don’t do 80/20 or even 70/30 splits if the product, part, or material is critical. Do 60/40 and make sure both suppliers could handle at least 50% additional capacity before awarding. (That way you are still fine if the 40% supplier becomes unavailable as you should be able to scrape by long enough to find an emergency replacement supplier, even if the cost increases moderately. Most importantly, if the 40% supplier is willing to do some OT, you would still be fine for a short interval as long as you were willing to pay some OT related costs – and there’s no way that would be the case with a supplier getting less than 40% of the award.) Better yet, for (very) large categories, do 40/30/30 splits (possibly by giving majority per regions if your organization is global). In this situation, one supplier becoming unavailable wouldn’t be a serious problem as you’d be fine if the other suppliers could supply an extra 50% to 60%.

B) Flexible / Discount-Based Contracts

Never assuming continually increasing demand. Hope for it, but look at past averages, rises, and falls, and typical drops in demand from an unexpected, negative, market impact, and negotiate contracts for a range, with cost reductions (and not discounts) when thresholds are reached. In other words, once you know the expected worst case to expected best case range, ask for quotes for at least 3 tiers, the minimum, the expected, and the best case range and negotiate a contract with price breaks when certain demands are reached. (Suppliers will love to offer rebates when you hit a tier, but don’t fall for that because you’ll never realize them because the onus will be on you to prove that you’ve purchased the required quantity. Even if you have the best e-Procurement system on the planet and capture every order, as well as returns and show any refunds were accounted for, and can document it all, you still might not get the rebate. The supplier could claim hardship or, if the amount is significant enough, file for bankruptcy protection and restructuring. And even if they have the money, if you can’t assemble and provide the necessary documentation before the contract expires, forget about the rebate after the contract expires.) As long as you ensure every order, invoice, and goods receipt, flows through your e-Procurement system, you can ensure that as soon as the first discount tier is reached that you issue the PO for the lower amount. (And then your system will refuse to auto-approve it if the invoice doesn’t reduce the unit cost appropriately).

This way, you’re paying more than you’d like if you hit the worst case, but you’re not paying a huge penalty when you don’t hit the contracts and the suppliers come after you for damages.

C.i) Alternative Source Ramp-Up

If the price skyrocketed due to a supply issue with a specific region or supply base, you switch to the alternate supply in another region until the issue passes or you identify a new secondary (or tertiary) supplier for the product or component or material.

C.ii) Alternative Product/Component/Material

If the price skyrocketed due to a drop in supply, pushing all the power to the suppliers, then you switch to alternative products/components/materials. This is difficult because you need to have alternate designs ready to go for custom-made products and have previously identified alternatives for standard/off-the-shelf products which, while more costly or less desirable at the time, are now the most cost effective or most desirable products/components/materials due to the change in market dynamics by a material/component/product unavailability.

Unfortunately, while these solutions all sound simple, they are different for every category, product, material, organization, and geography. Risk management and supply assurance (as summarized the doctor‘s and Bob Ferrari’s Direct Sourcing MUST be Supply Chain Aware and Vice Versa series, summarized in Part 7) become as important as cost, and in some locales, carbon management when sourcing. The (expected) worst case has to be considered at all times and key events need to result in multiple, but balanced, awards.

And of course, when it comes to risk management, there will always be exceptions to the rule that you need to look out for.

STOP PAYING PROCURETECH/FINTECH ADVISORIES A DOLLAR JUST TO LOSE THREE DOLLARS!

Last week, in our post where we asked if ProcureTech Generated Billions While Practitioners Lost Trillions, we noted three things:

  1. Approximately 1.8 Trillion Dollars (more than the annual GDP of 92% of the countries on Earth) will be wasted this year on Tech-Related Spending
  2. Approximately 600 Billion Dollars will be spent with the big consultancies and analyst firms who do Financial (Technology) and Procurement (Technology) consulting and advisory
  3. That’s three dollars lost for every dollar spent on big consultancy and advisory firms

So how do you stem the bleeding? Especially if you can’t STOP spending mooney on tech advisory because you can’t stop spending money on technology because you can’t survive in today’s digital world without it?

You STOP forking over (high) six and seven figures without a guaranteed return! In other words, unless they save you some coin, then your money they will not purloin!

More specifically, if they are promising outcomes, then (the majority of) their compensation should be 100% dependent on outcomes. If you don’t make bank, then their compensation will tank.

To be even more precise, don’t buy:

  1. any technology platforms where the majority of compensation is tied to successful sourcing events, transactions, etc.
  2. any GPO services unless it’s 100% outcome oriented
  3. any functional outsourcing unless the majority of compensation is tied to ROI

Now, the technology providers and consultancies will push back, steadfastly claiming that their technology and services are worth way more than they are charging, but here’s how you counter:

  1. you will pay a base annual fee for the platform that will cover 150% of their base hosting costs, so they won’t lose, and then a percentage of transactions, identified savings through sourcing events, contract value, etc. where the percentage is calculated such that if you save 100% of their promised savings, they will make 50% more than what you would pay on a fixed cost after negotiation — if they are so confident in their claims, this should be a no-brainer
  2. you will pay a fixed amount on each transaction, calculated based upon the expected savings before you sign the contract, and if they can deliver the savings, you will definitely be using them regularly — and, as with the Tech Provider, you will calculate this so that they win bigger than if you pay them a fixed cost IF they generate a return for you
  3. you will pay a fixed rate per hour that is enough to cover the assigned personnel cost (their salary plus 30% overhead), and any compensation beyond that will be dependent on the department delivering an ROI beyond a certain amount (which is the amount required to cover the basic fee you are paying them); and again, you’ll fix the compensation such that if they deliver 100% or more of what they promise, they will win big too

Now, you’re probably saying the doctor is daft by telling you to offer them 50% more than what you’d have to pay on a fixed cost basis if they deliver, but here’s the reality, without incentive, THEY WILL NOT DELIVER!

There is an 88% technology failure rate across the board, and 94% failure rate if it’s a (Gen-) AI project. The reality is, as we pointed out in our series on how, even if they have good intentions in the beginning, your (technology) vendor will screw you, the vast majority of systems fail to deliver, because, once the contract is signed and you have access to the system, they have zero incentive to do anything else for you.

Similarly, once they have you on a multi-year contract, why should the GPO or consultancy have any incentive to go beyond the minimum? If you want them to continually serve you and look for ways to generate a return for you, make it worth their while. And then you won’t be paying them one dollar just to lose three dollars in return!

This is where you start. Then, you question any consulting contract over 100K to 200K as a mid-market and 1 Million as a large global enterprise. At that point you have to define the value you expect and what gain-share agreement you are going to craft to ensure it.

Breaking Down the Risks: IP/cyber attacks

The risk of cyber-attack and IP theft over digital domains is constant and high and not going away. Not much need to be expounding the pounding on this one, but we will and give you a few tips on reducing the risk.

Expounding the Pounding

Cyberattacks remain high. Incredibly high. In 2014, a high year for cyberattacks, a NetIQ (acquired by AttachmateWRQ) Cyberthreat Defense Report found that 71% of organizations were affected by a successful cyberattack in 2014 (while only 52% expected to fall victim again in 2015). ( Source )

In 2024, North American organizations experienced an average of 1,298 cyberattacks per week, according to Check Point Research, which represented a 55% year-over-year increase in attacks. These attacks affected over 70% of of small to medium-sized businesses, according to Embroker. In other words, despite the continued increase in security software, standards and protocols, cyberattacks haven’t decreased, and neither have their success rate.

Reducing the Risk

Procurement is going to have to finally embrace cybersecurity best practices in everything they do as well as work with IT to ensure that all of the applications they buy or license meet these best practices as well.

Note that when we say best practices, we don’t just mean ensuring the technology meets all the latest specs, but that the organization, and its personnel, also ensures that they they take information security, operational security, and physical security seriously as well. An organization that doesn’t protect its information outside of systems is insecure, and if this includes passwords, the systems have been compromised with one login attempt. An organization that doesn’t maintain proper physical security makes it easy for an experienced hacker (who understands social engineering) to walk in, access a system that is logged in, extract the access keys for the broader systems, and the organization’s systems are then completely accessible by a hacker. And of course, if the organization doesn’t maintain proper operational security, its employees will let hackers right in no questions asked and all of the systems will be compromised.

This will require proper training and monitoring until everyone understands the issues across the entire organization.

Breaking Down the Risks: Natural/Man-Made Disasters

Disasters are on the rise. Why? Well, as per our last installment on talent, we are going to be expounding the pounding and giving you tips on reducing the risk.

Expounding the Pounding

As climate change has intensified, the number of natural disasters has risen sharply. Between 1980 and 1999, we experienced roughly 4,200 disaster events. Between 2000 and 2019, we experienced roughly 7,300 for an increase of roughly 75%.

Many of these were quite significant. According to the NOAA National Centers for Environmental Information, between 1980 and 2024, the US alone sustained 403 weather and climate disasters where overall costs and damages exceeded $1 Billion dollars (when CPI was adjusted to 2024) (Source: NCEI). The total cost of these events for the US has exceeded $2.9 Trillion dollars and resulted in 16,941 deaths.

Moreover, while the overall average frequency of Billion dollar weather/climate disasters over the last 45 years is 9, the average over the last 5 years is 23! In other words, natural weather/climate disasters are coming harder and faster than ever before (and the pace is still increasing).

If we turn our attention to the United Nations Office for Disaster Risk Reduction and review their 2025 Global Assessment Report on Disaster Risk Reduction (GAR), they found that while the direct costs of disasters averaged $70 Billion to
$80 Billion a year between 1970 and 2000, between 2001 and 2020 the costs ballooned to between $180 and $200 Billion a year and that disaster costs now exceed $2.3 Trillion ANNUALLY. Let that sink in. The global cost of natural disasters is now so great that only seven (7) countries have a GDP that exceeds that cost. In other words, the cost of these disasters, of which we now experience almost 400 a year (as the Emergency Events Database recorded 393 natural hazard related disasters in 2024, see ReliefWeb) exceeds the GDP of Russia, Canada, and Italy!

You’re going to be impacted by a natural disaster in the very near future to some extent. In most first world countries where a survey has been done the results are consistent: Four (4) out of Five (5) corporations agree that natural and climate disasters hurt because they were impacted in the last 5 years. Moreover, with the rapid rise in disasters your chance of not being impacted by a natural or climate disaster in the next 5 years is trending down to 10%. In other words, your chance of being impacted is 90%. It’s beyond the point that you have any chance of being one of the lucky ones. As per a 2023 Forbes article based on an Allianz Global Corporate & Specialty (AGCS) report, natural catastrophes are the largest driver of corporate insurance losses in the US because luck can’t save you now!

And we haven’t even started to talk about man-made disasters due to bad design, bad construction, bad maintenance, or just bad negligence that can result in entire skyrises being lost, manufacturing districts going up in smoke, ports exploding, entire swaths of land becoming unavailable due to nuclear meltdowns, global pandemics due to bacterial and viral leaks from research labs, and so on.

Reducing the Risk

Insurance

Do not, we repeat, do not forego the insurance! You will need it. However, unless you can prove you are employing best practices across the board this could be expensive. So you also need to employ a number of other best practices to make the insurance companies happy. (Although their Ren & Stimpy days are over. No more happy, happy, joy, joy because gone are the days when they only take in and never pay out.)

Third Party Vetting

Think those third party risk management / third party compliance management (TPRM/TPCM) solutions are a nice-to-have that you can wait on? Think again. You need to vet every supplier, every carrier, and every partner involved in the delivery of your goods from the factory to the store (and every warehouse, port, and transfer point in between). You need to prove you did your best to ensure only legitimate actors were in your supply chain so that you have some recourse (with insurance) when the shipment gets damaged or disappears (and to make sure you can afford your insurance premiums).

Overall Risk Vetting in Source Selection

Before you select a supplier as your chosen source of supply, you need to understand the 360-degree risks which are not just the supplier risks of financial stability, compliance, quality, human rights, and so on, but the risks related to its geolocation(s). Are there tensions between the country you are operating in and the country the supplier is operating/producing in that could lead to sanctions? Is there unrest that could lead to border closings due to uprisings? Is the area prone to natural or climate disasters that have been increasing in frequency in recent years? Etc. If the overall risk is high, and there is another supplier of comparable (which could mean slightly higher) cost that is considerably less risky, then you should be choosing the alternate, slightly higher, cost supplier.

Shipment Tracking / T(I)MS

You need to be tracking all of your shipments, and, preferably, have a Transportation (Information) Management System (T(I)MS) that integrates with your carriers. At the very least, you need to know when a shipment reaches each stop and then sets out for the next stop in the chain and know where it should be at all time. If the cargo is very high value or the carrier is a common target of criminal organizations because of what they typically carry (and that includes items like cell phones, laptops, and gold bars), then you need to ensure that the shipment is tagged and the truck, container, etc. is sending real time cellular signals at all time, that the carrier is monitoring their systems 24/7/365, and if a shipment ever goes dark for more than a few minutes or too far off course, and the driver cannot be immediately reached, law enforcement is immediately engaged. Unless, of course, you can afford to have 40 Million disappear! (A 40 foot shipping container can hold 44,000 iPhones. High end i-Phones are all 1K (or more) a pop. Do the math.)