[00:00:00] Speaker A: Hi everyone. Artificial intelligence is continuing to revolutionize the way in which organizations can manage their supply chain risk and due diligence process. This episode is part one of a two part series in which we'll look at the importance of gaining visibility into how well your key suppliers manage their risk and how you can use this data to harness the power of AI. Welcome to another episode of the Ethicast.
[00:00:31] Speaker B: Foreign.
[00:00:36] Speaker A: Supply Chain Risk management and due diligence has become a task that many organizations have great difficulty addressing. Many of them must prioritize breadth versus depth of their supply chain, feeling like it is impossible for them to manage the totality of their supply chain with equal attention. But the advent of artificial intelligence, including generative artificial intelligence, has given organizations the ability to use the data gathered from some of their suppliers and extrapolate it to the full breadth of their suppliers, allowing them to manage their risk and due diligence in a way never before possible.
In this episode we'll hear from Craig Moss, Executive Vice President Measurement at Ethisphere and Patrick Naitz, CEO and Strategic Advisor of Vectra International, on how the data collected in assessing the residual risk of a small number of suppliers can be used by AI and generative AI to deliver data driven solutions for supply chain risk. Craig is a leading expert on using management systems to improve compliance and risk management performance within companies and across supply chains. He is also a Director at the Digital Supply Chain Institute where he developed a program to accelerate and scale digital transformation and a unique new data trading framework. Patrick is CEO and strategic advisor of Vector International. With over 30 years of experience in ESG programs, corporate codes and responsible business practices across 11 industry sectors and 40 countries. Craig and Patrick are also the driving force behind a joint Ethisphere and Vector International supply chain due diligence solution that helps organizations assess controls, quantify residual risk, prioritize action items and execute scalable remediation strategies. And now, here's Craig and Patrick.
[00:02:28] Speaker B: Hi, welcome to this podcast. My name is Craig Moss, EVP at Ethisphere and also a Director at the Digital Supply Chain Institute. I'm here with my friend and partner Patrick Nait. Over to you Patrick.
[00:02:41] Speaker C: Hi, my name is Patrick Nait. I'm the CEO of Vectra International and I have partnered with Craig for a long time on really important initiatives including looking at maturity of supply chain management systems.
[00:02:58] Speaker B: So what we're going to do today is this is part one of a two part podcast or Ethicast series and we're really focused on supply chain due diligence all the new regulations that are coming out and the application of artificial intelligence and generative artificial intelligence or Gen AI to be able to make a difference in how you manage supply chain risk and conduct supply chain due diligence. What I want you to think about is historically we've always talked to companies about the idea of breadth. You have 10,000 suppliers. How do you cover the breadth and then depth, how do you go in depth? Where are the hundred that you go in depth and what do you do when you go in depth? What we are really excited to talk to you about today is the idea, instead of thinking of it as a funnel, now we're going to start thinking about it as an hourglass because we can use artificial intelligence and Gen AI to shape out the bottom part based on the data that we get in the center. So we are really excited to talk about that to you today and in the next episode that we do.
When we think about this, one of the work that we do at the Digital Supply Chain Institute is the idea of creating constellations of value. But it's not really about supply chains. It's about companies creating constellations in order to be able to serve customers in different jurisdictions, different regions, meeting different regulations and things like that. Patrick, over to you. Let's talk a little bit more about constellations of value and then kind of your take on how companies can deal with it.
[00:04:41] Speaker A: Right.
[00:04:41] Speaker C: Thank you very much, Craig. As you said, I think supply chain is a bit of a misnomer because it creates this picture of a line 1 to 1 to 1. But the reality is for anybody who is in purchasing or supply chain is that one supplier can be also a supplier to a supplier and directly to you. It becomes much more complex really fast.
I think the term which is coined constellations of value is a really, really good term because you will look at a constellation that brings a product to market. And what we see with a lot of companies and clients is that they're beginning to look at different constellations based on maybe geography. So maybe a constellation for the Americas, a constellation for Europe, a constellation for Asia, but also constellations that deal with certain products.
If you look at things that would look at paper and looking at forest products, you might have two different constellations there. When we then look at the due diligence of these constellations, you mentioned it already, Craig. You're talking about breath. There is an enormous amount of suppliers which are in these constellations. The question is, how do you identify some of the major players in your constellation?
And before we dive into that. I think it would be good to understand risk and influence.
A lot of companies are looking at risk as what do I do in a certain country? But the reality, of course, is much more complex than that.
You have inherent risk, which I think many of you are familiar with, that has to do with your operation in a certain place. But within that, you've got systems control, systems management systems, policies and procedures, and people that look at controlling those risks which end up with residual risk. The key is how do you identify major suppliers in your constellation? How do you get data from them to look at the residual risk? And what would you do with that data? Craig, what do you think?
[00:07:06] Speaker B: I think that that's really a key thing and that's part of what we've been focused on in our collaboration with you is being able to understand in an effective way the management systems that a supplier has in place to be able to manage those inherent risks. The inherent risk can vary. If you look at environment, social, other topics in particular right now, a lot of focus on environment and social because of the new European regs on the csdd. If you look at that within that, there are a lot of different topics. So under environment, it could be waste management, it could be carbon, it could be energy efficiency. Under social, it could be forced labor, child labor. On down the list, you wanna be able to have a way to understand the controls that the supplier has in place. One example that I use all the time with companies is the idea of every company being on a tightrope. And you have business growth initiatives, you're trying to grow your business, win over more customers, but you also have compliance initiatives and compliance expectations you have to meet. The controls are what? Take that tightrope and put a safety net under it. Take the tightrope from a thousand feet off the ground to two feet off the ground. You have to be. Think about it. You can never get your business off the tightrope, but you can put enough controls in place that you're able to safely be on the tightrope and be in a situation that if you fall off, you don't die. The other thing I wanted to say here real quick, and then I'll go back to you, Patrick, is if we think about. I was talking to a company yesterday and we were talking about the difference between performance metrics or outcomes and program maturity metrics.
Think about an issue like child labor, you know, in a certain region that the inherent risk of child labor is high.
So the question in my mind should be, does that supplier have an age verification system in place that is sufficient.
That's what is going to reduce the child labor risk down to a residual level that's tolerable. If they don't have an age verification system, it doesn't matter what else you ask them, they don't know the age of the people that work there.
So, Patrick.
Yeah, Back over to you.
[00:09:36] Speaker C: I think that's a really good point, Craig. I also noticed that a lot of companies are actually getting lost in all of these regulations. There are so many regulations coming out and they really, really focus on, oh, there's this regulation and that regulation, and what is the difference and how do I do that? While from a legal point of view, this might be a worthwhile exercise, from an operations point of view, that is very resource draining. The question rather would be, if we have a certain risk, what are the controls in place to manage that risk effectively in our supply chain? And where are the strong and the weak players in that? If you think about due diligence, it can be complex, very, very fast. But if you think about where am I, what am I doing there, what's the risk and what is the control that I have in place, then it becomes much easier. No matter how much variability you have in your constellation of value, the control mechanisms allow you to bring that tightrope to two feet off the ground, as you mentioned. So focusing on maturity of control systems in your constellation of value is a key to effectively manage risk.
[00:11:03] Speaker B: I agree completely. And you can't really chase jurisdictions. A lot of companies, if you're operating in 30 different countries and there are 30 different laws that all have little permutations, you don't want to be building a system based on meeting the requirements of one jurisdiction. You want to be building a overall system and then make any necessary tweaks to be able to meet any jurisdictional specifics.
In many cases, you don't even need to make tweaks if you have a good system in place, because.
[00:11:40] Speaker C: Absolutely, I was talking to a client that has quite a significant level of hazardous waste. But in their constellations of value, they've got 23,000 suppliers.
If you start looking at that, you kind of go, oh, okay, well, when we look at our tier one, we're in 17 countries, and when you look across the entire constellation, they ended up being in 104 different countries. Some of these countries have regional jurisdictions. It is near impossible, as you say, to then chase the jurisdictions and the legal requirements, focusing on kind of the common denominator. How do I control is key. And now the question is in that breadth of your constellation, how do I go deep? What's the depth, how do I select the 100 plus suppliers that allow me to get a good grip of how does my constellation look like.
[00:12:47] Speaker B: And I think that's where we're going to kind of go back to the idea of the hourglass now. So historically we always thought about this as a funnel. So you have the 10,000 and you're trying to funnel it down to the 100 or 500 or 50, whatever the number is for you. That where you need to go in depth.
What that. Going in depth now is still a critical, critical element, but it's even more powerful than ever before because we can use the data from the in depth look at residual risk using artificial intelligence and gen AI. We now can extrapolate out to, to understand the behavior of the 10,000. So it, the beautiful thing here is that we're still doing the funnel. We're still getting down to understanding those critical suppliers, whether they're your, your most critical, your highest risk. There are different ways to do that, to go from inherent risk down to understanding who do you want to focus on for in depth. But the strength now is to be able to use the data that we collect in that residual risk assessment and understanding program maturity, to use that and then flow it back out to be able to understand the 10,000 in a much, much more sophisticated level. It makes the whole thing scalable. And one of the things I say to companies all the time is I always think about this as the idea of measure and improve. So we're using data to measure, but ultimately what we want to do is use the data to prioritize what we want to do to improve. Patrick, I'm going to go over back to you on this about how we could start to use that data from the narrow part of the hourglass to create scalable solutions.
[00:14:33] Speaker C: Well, Craig, what's the alternative? If we're not looking at the hourglass, we're looking at a cylinder. And imagine how resource intensive or inefficient the cylinder would be. Where you look at a supplier, you look at the residual risk and then you start building a plan. But if you look at the first part of the funnel, you look at the maturity of the programs that are in place in these key suppliers in the constellation, you can take that data and you can begin to look at trends, you begin to see, okay, so in the control mechanisms, the majority of significant players in my constellation, they are really strong in training, but they're not very good at say, for example, follow up on risk and that kind of component. So rather than to work with, again, to work with suppliers individually, which is the cylinder approach, you now can actually look at scalable solutions by saying if you take that data at the narrow part of the top of the hourglass to basically say, okay, if we focus a program with all of our suppliers on this weak part in their control systems, then the entire constellation goes up in resilience really, really fast. Alternatively, you can also begin to look at which parts are really strong and how can we use those strong parts and roll it out to the rest of the supply chain. Plus, as you mentioned, with the data in part two of this wonderful podcast series, you know, we're going to look at how generative AI can then use that data to build it back out and go much more predictive, which I think is amazing.
[00:16:24] Speaker B: It really is. The predictive piece is key and then the scalable remediation is another key element of this. So when we start to think about the use of AI and generative AI, there's some specific areas of supply chain due diligence that it has particular application. So one, we know companies struggle with supply chain mapping. That's one thing that is really useful for, right? If you think about collecting the data from the narrow part and then being able to use it to extrapolate about what's happening across the broader supply chain mapping policies is another one. So again, put yourself in the shoes of your company. With 10,000 suppliers in 30 countries, there's a new regulation comes out that you need to meet. You need to update your supplier code of conduct, you need to communicate a message to all 10,000 suppliers in the 30 countries. You want to tweak it based on the nature of the business they are in and where they're located. That's a great use of generative AI. And you could go one step further and not only communicate out to them, but you then could create an internal training program so all the people that deal with the suppliers understand the new regs and what they're supposed to do. And you can even go the next step and put together a presentation to senior management on what you're doing to address the new law and you could use that to present to regulators also, hey, this is the action that we took. So you start to think about specific applications and it gets really, really exciting about what can be done.
Patrick, any, any wrap up comments from you? And then I do want to come back to one point to wrap up from my point of view, but any. Anything you'd like to add?
[00:18:12] Speaker C: Well, I think I'm just really excited. I've got goosebumps all over to be able to look at the maturity of the control systems, taking that data and then push it back out in a very applicable and easy way. To understand using generative AI, how often have you and I come across a client that pushes a general message on a particular law to a supplier in a country which is far away from that jurisdiction that says, be on alert, there's a new law. And what's the first reaction that both of us get? I don't know what that means. What do I deal with that? How does it apply with me using the data from the top of the hourglass and then with generative AI at the bottom of the hourglass, the possibility is there to use that data and say to that supplier, there's a new law. This is what it means for you. These are the actions for you. How effective would that be? Cylinder versus hourglass? I definitely prefer the hourglass, thank you very much.
[00:19:20] Speaker B: That's a great way. I think the hourglass, when you and I were talking about that and came up with that idea, I think it really resonates with me and hopefully it does with the people watching this podcast. What we're going to do in the next part in this series is we're going to actually have world leading AI and gen AI expert join us and he'll be joining me and we're going to go into a little bit more looking at the bottom of the hourglass. What specific things could be done? What are some of the problems that can be solved? One of the things that's been really interesting as I've learned more about generative AI, is that there's an issue of trust and transparency that becomes critical. How do you trust the data that you're getting from artificial intelligence? You need to understand the data lineage. How did it get to you? That's the transparency piece. But the idea of trust and transparency is also fundamental to supply chain risk management. Right, Patrick? We talk about that all the time. How do you trust the data you're getting from your suppliers? Are they being transparent with you or are they trying to hide what's really going on in their workplaces? These are all issues that are really important and I think the idea of trust and transparency is a really good theme that we can start with in our next, in the next part of the podcast.
So with that, Patrick, I want to thank you very much. It's Always a pleasure. Thanks to all of you that watch and I hope that you will tune back in when we do part two of the podcast where we take a deeper look at the applications of artificial intelligence and generative AI to building out the bottom part of the hourglass and start to talk about specific problems that can be addressed. Thanks very much.
[00:21:07] Speaker A: Ethisphere and Vector International have partnered to deliver a supply chain risk management solution to provide your organization with quantifiable risk ratings on its supply chain. To learn more, visit ethisphere.com or simply hit the link in our show Notes where you'll also find links to Craig and Patrick's article Making Supply Chain Due Diligence Practical. You'll also find links to information on Vector International and the Digital Supply Chain Institute as well as free supply chain resources at the Ethisphere Resource Center. Join us for part two in this series where Craig will be joined by Dr. David Ferrucci, an award winning artificial intelligence researcher who founded and led the IBM Watson project. They will discuss specific applications of AI and gen AI to supply chain due diligence and risk management.
I'm Bill Coffin and this has been the Ethicast. We hope you've enjoyed the show. For more content like this every week, please subscribe here on YouTube, Apple Podcasts or Spotify. You can also get our free weekly
[email protected] ethicast and for even more free content please visit the Ethisphere Resource center
[email protected] resources. Thank you so much for joining us and until next time, remember, strong ethics is good business.
