To keep pace with the rising demands of operating in an increasingly complex business environment, utilities are turning to external suppliers as never before. They’re looking for help with tasks ranging from the relatively mundane (such as vegetation management and the handling of customer calls) to the complex (including the facilitation of distributed power generation and the execution of large infrastructure projects). While the benefits of leveraging supplier capabilities are clear, the risks—including cyber, reputational, financial, legal, and regulatory ones—generated for utilities are potentially vast. The practice can also unwittingly thrust utilities into the headlines, as illustrated by the recent, rather unflattering press coverage of a number of high-profile incidents in which utilities’ suppliers played a prominent role.
Fortunately, the risks associated with the use of suppliers can, in fact, be identified and mitigated. (See Exhibit 1.) But that requires taking a comprehensive, well-constructed approach—one that few utilities, in our observation, currently employ. Reasons vary for the absence of such an approach to supplier risk management among many utilities, including the complexities of program design and difficulties securing organizational buy-in for the needed investment.
But BCG has created an effective approach that can substantially reduce your chances of being blindsided by a major supplier-related event and enhance the strength and quality of your organization’s response if an incident does occur. It is tested, can be melded into your day-to-day operations relatively quickly, and can translate into tangible results almost immediately. What’s more, implementing it can produce broad benefits—including a more risk-cognizant culture and simplified, more automated procurement and supplier-management processes—within your organization.
Suppliers and Risk
The business and operating backdrop for utilities is becoming ever more complex. Utilities are expected to execute their day-to-day functions flawlessly, 24-7, amid tightening regulatory and safety standards and a general rise in customer expectations—all while keeping costs in check.
Simultaneously, utilities are expected to plan, manage, and execute major capital projects; adroitly navigate a rapidly evolving technological environment replete with smart meters, renewable energy sources, and other potentially game-changing developments; and keep investors and regulators happy. In addition, utilities must keep all of these balls aloft under close scrutiny, where the slightest miscue can be surfaced quickly and broadcast far and wide through social media.
Given this sweeping range of demands—and the associated breadth of expertise, skills, and work capacity necessary to meet them—it is hardly surprising that utilities are turning to suppliers more and more. Indeed, for many utilities, contracted labor now accounts for more than half of their total labor hours and for spending that is equivalent to as much as half of the utility’s revenues: many large utilities now spend multiple billions of dollars each year on suppliers.
Many large utilities now spend multiple billions of dollars each year on suppliers, amplifying traditional risks.
Essa dependência crescente de partes externas amplifica os riscos tradicionais que os utilitários enfrentam, como os seguintes:
- Cyber. (Consulte “Risco cibernético orientado ao fornecedor: uma ameaça crescente que pode ser muito cara.”) The supplier’s security protocols might be more lax than the utility’s, unduly exposing the utility’s systems and customer data to hackers. (See “Supplier-Driven Cyber Risk: A Growing Threat That Could Be Very Costly.”)
- Operacional. também. Entre estes estão os seguintes: The supplier fails to follow established health and safety standards, resulting in injury or death.
- Reputational. The utility is held implicitly accountable by the media and public for errors committed by its suppliers.
Greater utilization of suppliers introduces new types of risk to utilities as well. Among these are the following:
- Quarta parte. A utilidade se torna muito dependente de um único empreiteiro e perde a experiência interna e a negociação de alavancagem ou vê pressão de preço ascendente ou desempenho deteriorado. Operações e acessibilidade para os clientes - torna difícil para as concessionárias reduzir esses riscos por meio de um gerenciamento mais rígido de fornecedores. Os domínios dos utilitários geralmente abrangem centenas de milhas, o que torna o rastreamento de fornecedores problemáticos. Plantas ou instalações dependentes de empreiteiros que precisam operar o tempo todo (ou em horários ímpares) representam obstáculos práticos semelhantes, assim como o número puro (geralmente centenas) de contratados que um utilitário pode precisar empregar. O ponto principal é que, mesmo com a melhor das intenções, um utilitário pode achar bastante difícil, se não impossível, manter um relógio suficientemente próximo e uma rédea rígida em seus fornecedores. Alguns têm um foco incompleto, concentrando -se em apenas alguns tipos específicos de risco ou partes do negócio. Outros têm aparência atrasada, medindo apenas os indicadores de desempenho anteriores ou atrasos dos fornecedores e não oferecendo visibilidade à probabilidade de problemas futuros. Outros ainda não conseguem rastrear formalmente a conformidade com o fornecedor com as diretrizes dos utilitários ou reguladores ou são isolados quando uma unidade de negócios não compartilha informações sobre um fornecedor com mal com desempenho com outras pessoas. E há aqueles que desalinham a probabilidade ou as possíveis consequências de um determinado risco com seus esforços para mitigá -lo. (Consulte Anexo 2.) The supplier engages subcontractors that the utility has not vetted.
- Contractual. The utility is prevented by contract restrictions from effectively monitoring the supplier’s work.
- Concentration. The utility becomes too dependent on a single contractor and either loses internal expertise and negotiating leverage or sees upward price pressure or deteriorating performance.
- Financial Distress. The contractor experiences severe financial difficulties and is unable to deliver the contracted services.
What’s more, the logistics of utilities’ business—including the need for 24-7 operations and accessibility for customers—make it difficult for utilities to reduce these risks through tighter supplier management. Utilities’ domains often span hundreds of miles, which makes the tracking of suppliers problematic.
A utility’s service area can also fall under the jurisdiction of multiple regulatory bodies, resulting in varying requirements for suppliers depending on location and exacerbating the challenge of monitoring and control. Contractor-reliant plants or facilities that need to operate around the clock (or at odd hours) pose similar practical hurdles, as does the sheer number (often hundreds) of contractors a utility may need to employ. The bottom line is that, even with the best of intentions, a utility can find it quite hard, if not impossible, to keep a sufficiently close watch and tight rein on its suppliers.
A Rigorous Approach to Supplier Risk Management
Some utilities have instituted formal programs to try to contain supplier risk, but we have noticed that many of these efforts fall short on at least one level. Some have an incomplete focus, concentrating on only a few specific kinds of risk or parts of the business. Others are backward looking, measuring only suppliers’ past performance or lagging indicators and offering no visibility into the likelihood of future problems. Still others fail to formally track supplier compliance with utilities’ or regulators’ guidelines or are siloed when a business unit fails to share information about a poorly performing supplier with others. And then there are those that misalign the probability or potential consequences of a given risk with their efforts to mitigate it.
An effective supplier risk management program, in contrast, will have six attributes. (See Exhibit 2.)
It will:
- Be comprehensive, addressing all types of risk
- Forge a consistent interpretation of risk, establishing clear criteria so that the potential for varying individual assessments is eliminated
- Enfatize a proatividade, concentrando-se na definição de medidas preventivas que podem impedir que os riscos potenciais sejam atualizados
- Be pragmatic, accommodating and adjusting to changes in risk probabilities and causal factors, as well as user-centric in design and functionality (placing heavy emphasis on dashboards and other visual elements), especially from a contract manager’s perspective
- Establish accountability, incorporating compliance verification measures to ensure that the risk management process is being adhered to and applied consistently
- Be adaptive, applying an agile methodology and enabling continuous learning and adjustments to the process
BCG’s approach to supplier risk management has all of these attributes. It is based on gaining a thorough understanding of each supplier and its particular mandate with a utility, and it’s grounded in a four-step process: identify, quantify, mitigate, and monitor. (See Exhibit 3.)
The process ensures that all relevant risks are surfaced; that risks are graded according to severity so that management knows where to concentrate its time, energy, and resources; that steps to mitigate risks are identified and shared with the appropriate people at both the utility and the supplier; and that the risks are sufficiently monitored at the management level by both the utility and the supplier. No stone is left unturned, no base is left uncovered. Simultaneously, the program accomplishes its goals without either interfering with the company’s ability to run its core business or demanding too much time from people.
A implementação desse programa requer uma abordagem multiplicada. Os líderes devem se comprometer com o programa e tornar seu compromisso visível em toda a empresa: se a liderança não liderar, é improvável que os negócios e as unidades funcionais sigam. As unidades comerciais e funcionais, por sua vez, devem trabalhar em estreita colaboração com a cadeia de suprimentos e as funções de compras. A tecnologia de capacidade que sustenta os painéis e outros elementos visuais necessários para fazer o programa operar em escala deve ser projetada, lançada e suportada por treinamento. Uma campanha de gerenciamento de mudanças, projetada para obter ampla adesão da organização para a nova abordagem de mitigação de riscos, deve ser realizada. E o fase-in do programa deve ser centrado no usuário, com atenção particular às necessidades dos gerentes de contrato.
Successful implementation can greatly reduce the number of negative supplier-related incidents.
Admitidamente, a implementação bem -sucedida não é fácil. Mas as recompensas em potencial para acertar são consideráveis. Mais visivelmente, o número de incidentes negativos relacionados ao fornecedor pode ser bastante reduzido. Isso pode poupar a concessionária de multas e custos regulatórios potencialmente grandes associados à desfazer ou compensar quaisquer danos causados por fornecedores. (Veja o Anexo 4.) Ele também pode fortalecer o relacionamento da concessionária com os reguladores e melhorar o moral interno. Além disso, o tempo e os recursos que seriam dedicados ao gerenciamento de crises orientados por fornecedores podem ser dedicados a atividades mais produtivas. E a demonstração de controle sobre o risco de fornecedor pode promover amplos benefícios culturais em toda a organização, incluindo um foco geralmente elevado no risco e na mitigação de riscos. De maneira concertada, pode ser enorme. O número de incidentes negativos relacionados ao fornecedor pode subir, levando a multas e custos crescentes. O grau de escrutínio regulador pode subir e permanecer elevado por um período prolongado. A reputação da concessionária pode sofrer; O atrito do cliente pode surgir. Podemos ajudar. Trabalhamos com grandes empresas de energia, incluindo uma grande utilidade, no gerenciamento de riscos de terceiros e temos uma extensa experiência em gerenciamento de riscos entre os setores. (O BCG trabalhou com mais de 50 empresas em projetos relacionados a riscos de terceiros nos últimos dois anos e possui mais de 20 especialistas em risco apenas na América do Norte.)
Conversely, the downside of unsuccessfully implementing the program, or deciding to refrain from even trying to tackle supplier risk in a concerted manner, can be enormous. The number of negative supplier-related incidents could climb, leading to escalating fines and costs. The degree of regulator scrutiny could rise and remain elevated for an extended period. The utility’s reputation could suffer; customer attrition could surge.
In short, we think that, for most utilities, this is worth doing and doing well. We can help.
Why BCG?
BCG brings a wealth of relevant experience and capabilities to the table. We have worked with major energy companies, including a large utility, on managing third-party risk and have extensive risk management experience across industries. (BCG has worked with more than 50 companies on projects related to third-party risk in the past two years and has more than 20 risk experts in North America alone.)
Temos uma experiência geral substancial com serviços públicos, tendo trabalhado em mais de 1.800 projetos nos últimos cinco anos. Temos uma equipe experiente de mais de 300 especialistas dedicados especificamente ao espaço de energia e utilitários, bem como uma profundidade de experiência em toda a cadeia de valor energético. Desenvolvemos bancos de dados proprietários, benchmarks e modelos de mercado.
BCG can guide and assist in all aspects of implementation, from launching pilots to facilitating cultural change.
Podemos trabalhar de maneira rápida, eficiente, iterativamente e em estreita colaboração com você, usando ferramentas e metodologias ágeis e empregando uma abordagem de "treinamento fazendo" com suas equipes. Podemos passar rapidamente de avaliar sua abordagem atual de gerenciamento de riscos para projetar um programa personalizado mais otimizado, se necessário - que seja verdadeiramente individualizado e específico para suas necessidades. Podemos orientar e ajudar em todos os aspectos da implementação, desde o lançamento de pilotos com um subconjunto de fornecedores até a facilitação da mudança cultural, para que o programa se torne parte do DNA da sua organização. Durante todo o processo, o desafiaremos e esperamos que você nos desafie; Juntos, chegaremos a uma solução que atenda às suas necessidades específicas. Robert Tevelson
If you are interested in learning more about our approach to managing supplier risk and what we think BCG could do for you, we would love to hear from you.
