Achieving Competitive Advantage Through Supply Chain Management Challenges of a Services Organization

Transcription

1

2 Achieving Competitive Advantage Through Supply Chain Management Challenges of a Services Organization Edward J. Sheehan, Jr. President & Chief Executive Officer Concurrent Technologies Corporation March 17, :00 a.m.

3 Supply Chain and Competitive Advantage A network of organizations that are linked -- upstream and downstream to provide goods and/or services to the customer/client. 2

4 Supply Chain as a Value Chain Value Chain - activities that work together to provide value to customers Transition from transaction-based to a valueoriented supply chain to enhance collaboration in the value chain Collaboration vs. competition Competimates 3

5 Forming the Supply Chain 4

6 Risks of Teaming Prime Perspective Government Oversight* Need to ensure sub is trusted, ethical and compliant* Sub s performance = Prime s performance* Today s teammate could be tomorrow s competitor* Subcontractor Organizational Conflicts of Interest* Cybersecurity risks* Subcontractor Perspective Pressures from Prime: price, cost, delivery Comply with Prime s rules Communication from Prime regarding customer requirements does not always flow down quickly * Could also be a Subcontractor risk 5

7 Supply Chain Management in the Services Industry Government contracting rules and regulations are ever changing and expanding Compliance is challenging Organizational Conflict of Interest Contract Procurements Systems Review Small Business Subcontracting goals Cyber Security Status of subcontractor business systems Annual incurred cost submissions CAS administration Subcontract deliverables Government property inventory reporting Contract requirements Optimize your ability to track your supply chain compliance by utilizing creative management tools and processes 6

8 Services vs. Product Environment Services Supply chain is made up of subcontractors with key capabilities. Performance Work Statement (PWS) describes the desired results without prescribing the methods. Contract Type is normally flexibly priced (CPFF, T&M). Risk of performance is normally on the Government or higher-tier contractor. Unique compliance risks (e.g. Service Contract Act, Contractor Work Hours and Safety Standards Act). Products Supply chain is made up of suppliers that manufacture particular parts, components or assemblies. Statement of Work (SOW) defines all requirements and directs the contractor how to do the job. Contract Type is normally Firm-Fixed-Price. Risk or performance (delivery) is normally on the contractor or subcontractor. Unique compliance risks (e.g. Walsh Healey Public Contracts Act, Counterfeit Electronic Parts, Buy American Act, Trade Agreements Act). 7

9 Supply Chain Ethics for a Competitive Advantage How do you ensure your suppliers are ethical? Supplier ethics must be a core element of supply chains Whole supply chain must be ethical Align supply chain ethics with prime s corporate ethics Include ethics and compliance as a factor when engaging with subcontractors Conduct regular assessments of supply chain ethics Maintain ethics and compliance profiles of critical suppliers CTC requires all vendors/subcontractors receiving awards greater than $100,000 to review and sign a Supplier Code of Ethics. In many instances, suppliers provide CTC with a copy of their Code of Ethics. Key takeaway: Know the Company you Keep 8

10 Disruption in the Supply Chain What controls do you have in place to keep your supply chain compliant? Bench Strength - have more than one supplier available to provide similar services or products, where possible. Despite your best efforts, there will be issues and challenges and you need to deal with it proactively. Key takeaway: Supplier Bench Strength 9

11 Safeguarding Against External Threats Up to this point, most of the activities undertaken have been within your control We now need to consider one of the most potentially damaging external threats from the use of supply chains CYBERSECURITY ATTACKS AND HACKS Key takeaway: Proactive engagement in Supply Chain Management 10

12 Cybersecurity in Supply Chain Increasingly complex supply chain world Global/international/on-line customers Customized products Access to instant communications Continuous transfer of information Rapid technology changes Key takeaway: Global supply chains increasingly complex/increased risks 11

13 Cybersecurity in the Supply Chain An enterprise s security posture is only as strong as the most vulnerable third-party business partner or supplier. Sophisticated attackers are willing to use the means necessary to gain access to sensitive information Require subcontractor to have proper practices in place Negligence, inexperience or malice Does anyone recognize the name Fazio Mechanical Services? Key takeaway: Recognize the Threat 12

14 What do these Companies have in common? Key takeaway: Recognize the Threat 13

15 Cybersecurity in the Supply Chain Attackers leveraged weaker controls of the HVAC vendor security Lost over 100 million digital records Millions of dollars in damages Attacker penetrated software giant Adobe systems, collecting customer names and encrypted credit card data Customer account IDs and passwords were also compromised Approximately 2.9 million customers were affected by the online attack Lost 56 million credit and debit cards Attackers leveraged third-party vendor login credentials to gain access Stolen by malicious software (malware) that had infected its computer network. 14

16 Cybersecurity in the Supply Chain Fall Industry Executives and 70 Pentagon officials met for a oneday workshop to look at risk scenarios Defense Department knows little about lower tier suppliers in value chain Movement of products, services, information, cash involve thousands of manufacturers in defense supply chain Complex supplier base riddled with soft spots (i.e., exposing weapons systems to counterfeit electronics) In Government FY14, Defense Department managed over 4.7 million parts ($96B) used in communications and weapon systems Defense contractors and subcontractors should expect to see potential new rules regarding reporting of counterfeit parts based on Government Accountability Office report Key takeaway: Anticipate new rules/regulations Source: (March 8, 2016). National Defense Magazine. Defense Industry Warns Pentagon to Protect Supply Lines. 15

17 Cybersecurity in the Supply Chain Have a security-specific conversation now, not later Know your Supply Chain Identify key vendors and subcontractors Identify a cybersecurity or compliance contact Share cybersecurity compliance requirements Integrate audit and assessment practices Implement the principle of least privilege Conduct routine re-evaluation of the processes, privileges, controls, policies it is CRITICAL Key takeaway: Know your Supply Chain 16

18 Managing Supply Chain Cybersecurity Risks Understanding and executing compliance requirements DoD requirements (DFARS) Industry Requirements - Payment Card Industry (PCI) Contractors and subcontractor must report cyber incidents Implement Cloud Computing Security Requirements Guide (SRG) Implement security requirements specified by the National Institute of Standards and Technology (NIST) Special Publications (SP) Must comply by December 31,

19 Summary Supply Chain is a Value Chain valuable members of the team Know the Risks of Teaming --- Team with the Right Partner Know the company you keep you are who you hang out with! Track your Supply Chain Compliance using Management Tools and Processes Ensure your whole Supply Chain is ethical Cybersecurity Recognize threats exist! Know and execute compliance requirements (DFARS, PCI, etc.) GAO Report may prompt new regulations for contractors/subcontractors Ensure you have bench strength 18

20 19