Skip navigation
2017

 

Manufacturing is going through a transformative period, with ever increasing risk from technological innovation, economic and regulatory uncertainty, automation and workforce concerns and globalization and trade disruptions. It’s imperative then, that companies identify and evaluate risks so they can create strategies to address these concerns.

 

To help identify these risks, BDO has released its “2017 BDO Manufacturing Risk Factor Report,” which examines the risk factors in the most recent 10-K filings of the largest 100 publicly traded U.S. manufacturers in the food manufacturing, transportation, fabricated metals, machinery, plastics and rubber industries. The risks are analyzed and ranked by order of frequency cited.

 

I wasn’t surprised to see that supply chain disruption (specifically, supplier, vendor or distributor disruption) is cited as the leading risk; or that federal, state and local regulations were named as the second largest risk. I was interested though, to read that labor costs, retention and outsourcing are the third largest risk. In particular, finding, retaining and engaging the next generation of engineering, technology and factory floor talent is a growing concern, with 98 percent of the companies listing labor costs, retention and outsourcing challenges chief among risks; 66 percent of the companies listed concern about strikes or work stoppages; and 75 percent listed attracting and retaining key management personnel as a key risk.

 

As is likely, general economic conditions, including disruptions in the financial markets, is another key risk, as is risk regarding environmental regulations and liability. “Strengthening Cyber Defense in Industry 4.0” is a growing concern among the respondents, as also would be expected. However, it’s growth rate is interesting: 96 percent of the companies listed concerns about cybersecurity breaches as a key risk, up 50 percent from four years ago—making cybersecurity breaches one of manufacturers’ top five risks for the first time.

 

“With the nation’s eyes on the manufacturing industry, companies can’t afford to take chances with their cybersecurity measures,” says John Riggi, Head of BDO’s Cybersecurity and Financial Crimes Practice. “It’s safe to assume a breach is always a possibility, so to avoid manufacturing interruptions, losing valuable intellectual property and taking a reputational beating in the event of a cyberattack, manufacturers should regularly test their incident response plan to ensure it’s ready to deploy at a moment’s notice.”

 

Finally, as the report notes, 2016 was, undeniably, a mercurial year in politics. One in 5 manufacturers mention the 2016 U.S. general election and changes associated with the installation of the new administration in their filings. As businesses wait to see how campaign rhetoric will play out in enacted policies, manufacturers seem to be feeling a measure of uncertainty around economic priorities and spending, the report continues.

 

“While manufacturing companies are riding a wave of optimism propelled by the Trump administration’s stated focus on regulatory reprieve, the feasibility and speed of potential reform is still murky,” says Rick Schreiber, leader of BDO’s Manufacturing & Distribution practice and National Association of Manufacturers board member. “There’s hope in the industry that a solid level of balance will be reinstated between the greater good some regulations seek to achieve and the high costs of compliance.”

 

What are your company’s chief risks? Do they align with the report’s findings? What steps are being taken to mitigate those risks?

There are many benefits to having a global, multi-tiered and lean supply chain. At the same time, their use also makes companies more vulnerable to supply chain disruptions as suppliers and partners experience everything from financial problems to extreme weather or even natural disasters. Furthermore, disruptive events caused by third parties can have financial, reputational and even legal consequences.

 

These types of disruptions are very common. Indeed, 84 percent of businesses have suffered from some form of supplier failure in the past two to three years, according to research conducted by Forrester Consulting for Tungsten Network. The study, “Supplier Networks Enable Innovative and Streamlined Supply Chains”, found that the most frequently cited impact of supplier failure was financial, with 30 percent of the respondents reporting a loss in revenue or business partners. Other impact areas reported by more than 22 percent of the respondents were higher insurance premiums, damaged reputation/loss of customer trust, and significant legal/regulatory fines.

 

Despite these experiences, only 23 percent of the respondents said their company has achieved “mature” supplier-related processes, which involve monitoring and analyzing their suppliers with clear data. When respondents were asked about their company’s approach to conducting due diligence on suppliers and ensuring compliance with regulations and corporate social responsibility policies, just 12 percent of businesses scored the highest level of “optimized” maturity, where processes are constantly monitored and improved to maximize performance.

 

At the other end of the spectrum, more than a third (35 percent) of the respondents said their organization operates on an ad hoc or non-existent basis, revealing “low process maturity.” This approach to due diligence, in turn, leads to a lack of defined relationships, aggregation of information and methods of measuring expenditure, which results in poor sourcing decisions, the report explains.

 

“Today’s digital world affords buyers and sellers the opportunity to more effectively use their data and manage their interactions,” says Rick Hurwitz, Tungsten Network’s CEO. “Both buyers and suppliers in our study shared a host of challenges in meeting their company’s objectives, including increased cyber fraud, siloed customer data, insufficient cash for investment, and legacy technology systems. Clearly, many businesses are struggling with inadequate processes and supplier failure hits the bottom line.”

 

The good news is that the study’s findings also show companies are working to improve supplier management to minimize disruptions. For example, 33 percent of the respondents said that improving technology for collaborating with suppliers was a top priority over the next 12 months for their company, and 25 percent said the company intends to aggregate and analyze data sources to improve context and decision making.

 

Monitoring and analyzing suppliers is critical, but companies also need the ability to put the correct response in place when there is a disruption. Indeed, the ability to respond effectively to an unanticipated supply chain disruption—or to respond to an anticipated supply chain disruption—by implementing the proper mitigation strategy requires a combination of capabilities which first enable organizations to correctly identify risks, and then trigger an alert so all personnel who need to respond receive immediate notification. Determining the correct response also requires using “What-if?” modeling of different resolution options to determine their possible impact. In addition to facilitating collaboration and communication among key personnel, the ability to implement the correct response also requires providing clear guidance so key personnel can compare possible resolutions to determine which one best meets organization objectives.

 

What are your thoughts on supplier failures? Does your company continuously monitor suppliers and analyze their performance?

End-to-end supply chain visibility is recognized as the foundation supply chain teams need to address critical business challenges, such as increasing supply chain complexity and rising supply chain management costs. It’s a prerequisite for making both the supply chain and the business more agile, resilient and competitive. Consequently, with end-to-end visibility, supply chain teams are better prepared to mitigate risks, identify and understand the impact of disruptive events, and respond quickly.

 

One would expect then that gaining full supply chain visibility is a key strategic priority for many companies. Indeed, among respondents taking part in the GEODIS 2017 Supply Chain Worldwide survey, gaining full supply chain visibility has grown from the sixth most important priority in 2015 to the third key strategic priority in 2017. Surprisingly though, only six percent of the respondents indicated their company has achieved full supply chain visibility.

 

Another key finding is that 70 percent of the survey’s respondents say their supply chain is either “very” or “extremely” complex. What’s more, 57 percent of the respondents say they consider their company’s supply chain to be customer-focused, and is a competitive advantage that enables the development of their company. Respondents from two-thirds of the firms also said the company spends five percent to 15 percent of turnover on supply chain initiatives.

 

The comments documented in this study are based on the responses of 623 supply chain professionals across 17 countries, with roles in supply chain, finance, operations, marketing, strategy, and information technology and management levels. All the respondents have a direct link with supply chain operations and issues on a regular basis.

 

I was also interested to read that, when asked about the top objectives demanded from supply chains, the primary goal cited by respondents remains ensuring on-time, in-full delivery. This was followed by improving product availability or delivery, improving end-to-end supply chain visibility, optimizing inventory costs and reducing transport and warehousing costs.

 

Asked about the “next big thing” in supply chain technologies, data analysis was ranked first by 41 percent of respondents. This was followed by Internet of Things, and connected devices and cloud computing, which were both cited by 39 percent of the respondents. Information security, predictive analysis, apps and addictive manufacturing—such as 3D printing—rounded out the responses.

 

The flip side of the coin, however, is that only slightly more than half (53 percent) of the respondents said they are engaged in advanced innovative practices within their supply chain. Furthermore, even practices such as process mapping or lean management are far from being universal, being implemented by 60 percent and 55 percent of respondents respectively.

 

“These moderate results could be explained by the fear of implementing uncertain practices, particularly while the current growing necessity of ensuring a reliable supply chain exists,” the authors explain. “However, first-in-class companies are agile and ready to invest to implement optimization of their supply chain.”

 

What are your thoughts on full supply chain visibility? Is gaining such visibility a strategic initiative where you work?

Minimizing the risk of corruption costs companies business, and companies are working to reduce risk by using data in their corruption risk mitigation strategies, are two key findings from AlixPartners’ annual anticorruption survey.

 

The results of the survey, conducted to determine the impact of corruption on the global business environment and to gain a better understanding of how companies address corruption risk, show that executives continue to be concerned with corruption risk and have stopped doing business with certain partners (cited by 42 percent of the respondents, up from 32 percent last year) or lost business (cited by 31 percent of the respondents, up from 23 percent last year) due to corruption risk. Interestingly, 87 percent of the respondents said they believe their company uses data successfully to identify possible corruption. Furthermore, across all industries and sectors, data and system security continue to present opportunities for addressing the risk of corruption, as 67 percent of the respondents indicated their company uses real-time monitoring for suspicious activity.

 

Respondents to the survey included corporate counsel, legal and compliance officers, who were asked about their companies’ anticorruption efforts, compliance policies and ways of identifying and mitigating corruption risk in the supply chain. Those executives are at international companies with annual revenues of $150 million or more, representing more than 20 industries based in the U.S., Europe and Asia.

 

“Technology continues to be a useful tool as many companies use real-time monitoring and data analysis to weed out suspicious behavior,” says Harvey Kelly, Managing Director and Global Leader of AlixPartners’ Financial Advisory Services practice. “However, with technological advances and more data come larger challenges, such as ensuring data safety, especially across borders.”

 

It isn’t surprising to see that the survey results show the biggest challenge to minimizing corruption risk stems from the sheer volume of information that companies must contend with, which includes lack of integrated systems (cited by 75 percent of the respondents) and ensuring data security (cited by 74 percent). I was also interested to see that although 49 percent of the respondents said they are “very or extremely confident” in their company’s due diligence processes, the largest limiting factors to effective due diligence cited by respondents are multiple business partners (44 percent), time pressures (39 percent) and difficulty in accessing information (37 percent).

 

Internal audits and anticorruption compliance policies are chief among the most successful measures cited by respondents as a means to reduce corruption risk. Indeed, 84 percent of the respondents said their company uses internal audits and has anticorruption compliance policies in place. Another key practice is increased training, cited by 81 percent of the respondents.

 

Finally, I was somewhat surprised to see just how many respondents said whistleblower programs continue to be a key tool in identifying and dealing with corruption risk: 95 percent of the respondents said their company has a process in place for handling whistleblower reports. What’s more, these hotlines seem to be working—37 percent of the respondents indicated they have received a tip related to bribery or corruption, which is up from 27 percent in last year’s survey.

 

More than a quarter of the respondents said their industry is exposed to “significant” corruption risk, which makes me wonder what you think of corruption in your industry. Do you consider corruption to be a significant risk in your industry or supply chain? Secondly, does your company use internal audits and anticorruption compliance policies as part of its corruption risk mitigation strategy? Does it also have a whistleblower program in place?

The good news is that, according to the results of a new survey, most Americans believe U.S. manufacturing is vital to maintaining the country’s economic prosperity. Then again, less than 50 percent of the respondents said they believe manufacturing jobs are interesting, rewarding, clean, safe, stable and secure, according to the results of the 2017 Public Perception of Manufacturing Survey, released by The Manufacturing Institute and Deloitte.

 

Furthermore, and perhaps most sobering, less than 30 percent of those surveyed indicated they are likely to encourage their children to pursue a manufacturing career. Nonetheless, when asked what future jobs in manufacturing will look like, respondents had overwhelmingly optimistic views: future manufacturing jobs will require high-tech skills (cited by 88 percent of respondents), will be clean and safe (81 percent), as well as more innovative (77 percent).

 

Consequently, manufacturing clearly matters to Americans, yet it also suffers from an image problem that undermines its competitiveness, according to the report. To turn perceptions around, the report offers the following steps that manufacturers, either individually or collectively, can take to actively create more positive perceptions about the industry and work to attract talent, both young and old, to the industry.

 

The first step, the report notes, is to share good news and dispel false impressions of the industry. This can be achieved through conducting conversations and events such as Manufacturing Day to create public awareness of the strong and positive realities about manufacturing. “Did you know?” types of campaigns—to present the truth about the manufacturing industry, like it having high wages—can go a long way in improving the perception of the industry among the general public, the report notes.

 

A second tactic is to highlight top priorities people seek in a career. The manufacturing industry already provides careers that have good job benefits, pay and are interesting and rewarding—key characteristics that the American public desires. Recognizing that the demand for top talent extends beyond the manufacturing industry, companies will likely need to focus on determining how best to attract and retain the best and brightest talent.

 

Another key step is to invest in and foster high-interest programs. Programs directed toward hands-on skill development may find the most traction among the American public, as far as increasing interest in manufacturing is concerned, the report explains. Manufacturers should take note that apprenticeships, internships and certification-based training programs are all seen favorably by Americans.

 

Companies should also strive to leverage groups with higher interest and perception levels. Surveyed segments such as women and Americans with high manufacturing familiarity have a better image of, and perception about, the U.S. manufacturing industry. These demographic segments can be leveraged as brand ambassadors to improve and influence manufacturing perception within other segments.

 

Tapping into the strong associations between manufacturing and economic prosperity is also a smart move. It’s clear that Americans believe a strong manufacturing industry is vital to the nation—its economy, people and national priorities—the report explains. Manufacturers could do more to tap into the patriotic pride of a strong industrial base.

 

It’s also important to generate awareness around state-of-the-art advanced technologies critical to manufacturing. Advanced technologies such as predictive analytics and advanced materials—deemed critical to the future of manufacturing—should have top-of-mind awareness among the American public. Manufacturers should emulate their Silicon Valley counterparts by weaving a “cool” image of their industry with that of advanced technologies and innovation, the authors suggest.

 

Finally, companies should work to create initiatives that bring industry, government and academia together. That’s because manufacturers can benefit from better enabling and tapping into a larger ecosystem that fosters innovation and creates more opportunities to attract top talent across a broader spectrum. The manufacturing industry, for instance, can benefit from ecosystem players coming together for awareness-raising campaigns and initiatives.

 

What are your thoughts on manufacturing’s image? What can be done to improve how people outside the industry think about manufacturing?

As technology continues to develop, information technology (IT) and operational technology (OT) onboard ships are being networked together—and more frequently connected to the Internet. This increases the risk of unauthorized access or malicious attacks to ships’ systems and networks. Then again, risks may also stem from personnel accessing systems on-board, for example by introducing malware via removable media. Consequently, the need for on-board cyber risk management is growing quickly.

 

A joint maritime industry group—comprised of numerous industry bodies and led by international shipping association BIMCO—has issued the second edition of “The Guidelines on Cyber Security Onboard Ships,” which includes practical advice on how to guard against cyber attacks. It includes information on insurance issues and how to effectively segregate networks, as well as practical advice on managing the ship-to-shore interface, and how to handle cyber security during port calls and when communicating with the shore side. The chapters on “contingency planning” and “responding to and recovering from cyber incidents” have been rewritten specifically for ships and the conditions they would face if a ship’s defenses were breached.

 

The joint industry working group members are: BIMCO, Cruise Lines International Association (CLIA), International Chamber of Shipping (ICS), International Association of Dry Cargo Shipowners (INTERCARGO), International Association of Independent Tanker Owners (INTERTANKO), International Union of Maritime Insurance (IUMI) and Oil Companies International Marine Forum (OCIMF).

 

“Cyber security is certainly a hot topic for all of us now, and this latest guidance includes valuable information, applying a risk-based approach to all of the areas of concern, highlighting how an individual’s unwitting actions might expose their organization,” Angus Frew, BIMCO Secretary General and CEO says. “In light of recent events we urge everyone across the industry to download it … and to consider the risk cyber crime may pose to their ships and operations. Ignorance is no longer an option, as we are all rapidly realizing.”

 

I was particularly interested to read a section noting that cyber safety is as significant as cyber security. Both have equal potential to affect the safety of onboard personnel, ships and cargo. Cyber security is concerned with the protection of IT, OT and data from unauthorized access, manipulation and disruption, the guide explains. Cyber safety covers the risks from the loss of availability or integrity of safety critical data and OT. While the causes of a cyber safety incident may be different from a cyber security incident, an effective response to both is based on training and awareness of appropriate company policies and procedures, the guide explains.

 

Cyber safety incidents can, the guide notes, stem from:

  • A cyber security incident, which affects the availability and integrity of OT. For example, corruption of chart data held in an Electronic Chart Display and Information System (ECDIS),
  • A failure occurring during software maintenance and patching,
  • Loss of or manipulation of external sensor data, critical for the operation of a ship. This includes, but is not limited to, Global Navigation Satellite Systems (GNSS).

 

Finally, the guide also explains that when incorporating cyber risk management, companies should also consider if, in addition to a generic risk assessment of the ships it operates, a particular ship needs a specific risk assessment. The company should consider the need for a specific risk assessment if a particular ship is unique within its fleet. This evaluation should consider factors such as the extent to which IT and OT is used on-board, the complexity of system integration and the nature of operations.

 

What are your thoughts on cyber risk management for ships and fleets?

Industrial robots can, in some cases, replace humans in large-scale production and manufacturing activities due to their increased efficiency, accuracy and safety. In particular, industrial robots are increasingly used to assemble cars; assemble aircraft engines as well as drill and paint airframes in the aviation industry; and even package food.

 

There is, however, growing concern that cyber attacks could allow a hacker to seize control of these robots. With that in mind, a group of cybersecurity experts started examining the attack surface of today’s industrial robot architectures and implementations, looking for weaknesses and vulnerabilities cyber attackers could exploit. In “Rogue Robots: Testing the Limits of an Industrial Robot’s Security,” the Forward-looking Threat Research (FTR) team from cybersecurity company Trend Micro and collaborators from the Politecnico di Milano (POLIMI) technical university in Italy explain that cyber hacking industrial robots is indeed a distinct possibility. What’s more, they warn that many robots in factories and distribution centers are vulnerable to cyber attacks, which could harm companies, products and even people.

 

In the paper, the researchers explain they found that the software running on industrial robots is outdated; is based on vulnerable OSs and libraries, sometimes relying on obsolete or cryptographic libraries; and has weak authentication systems with default, unchangeable credentials. Additionally, the Trend Micro FTR Team found tens of thousands of industrial devices residing on public IP addresses, which could include exposed industrial robots, further increasing risks that an attacker can access and compromise them.

 

The paper identifies five potential kinds of attacks:

  • The hacker alters a robot’s control system so it moves unexpectedly or inaccurately. This could result in defective or modified products.
  • The hacker tampers with a robot’s calibration to make it move unexpectedly or inaccurately at the attacker’s will. This also could result in defective or modified products.
  • The hacker manipulates a robot’s production logic to introduce defects into the work piece.
  • The hacker manipulates a robot’s status information so the operator is not aware of the machine’s true status. This could result in operator injuries if, for example, the operator believes that the robot has been turned off and is safe to approach when it is still active.
  • The hacker manipulates a robot directly so the operator loses control and possibly gets injured.

 

Such attacks could pose a wide variety of risks with numerous consequences for manufacturers. Trend Micro has created a video showing an example of a cyberattack and explaining the implications. The video shows how a hacker could cause a robot to introduce a small, imperceptible defect that could cause the product to malfunction. This could lead to expensive returns and a reputation-damaging recall process. Hackers could also demand a ransom to reveal which product lots have been damaged. Furthermore, cyber criminals could hack robots to gain access to sensitive information or company secrets, such as source code or information about production schedules and volumes.

 

To guard against the risk of such threats, the researchers suggest companies strive to ensure they perform all available software updates. Often, they note, factories will skip these updates rather than lose production time while the robots are taken offline. Companies should also work with robot vendors to identify potential threats and improve security, the authors write.

 

What are your thoughts about the possibility of industrial robots coming under cyber attack? Does your company use robots in production operations? If so, do you think the robots are vulnerable to attack?

The push to get more women onto corporate boards of directors is getting a lot of attention lately, particularly as a result of investors urging companies to make it a priority. The good news is that nearly all directors (96 percent) agree that diversity is important, according to PwC’s 2016 Annual Corporate Directors Survey.

 

Then again, consider this: In 2016, Fortune 500 companies filled 421 vacant or newly created board seats with non-executive directors, which is a new high as recorded by the Board Monitor, an annual study of board composition, experience, turnover and diversity conducted by executive search firm Heidrick & Struggles. But despite the focus on adding women to director seats, the study found that women were appointed to 27.8 percent of director seats that turned over or were added to the boardroom roster in 2016, a two-percentage-point decline from the year prior, which ends a seven-year run of year-on-year gains.

 

“I was actually very surprised, because there’s a lot of conversation about the importance of diversity, and I think there’s a lot of commitment to it,” Bonnie Gwin, co-managing partner of Heidrick’s CEO & Board Practice, says in a Washington Post article. “But at the end of the day, boards lean toward appointing CEOs and CFOs [to fill director positions], and there’s not a lot of diversity in that pool of candidates.”

 

Gwin isn’t alone in that observation, as other studies also point out that most board members generally don’t look far beyond the boardroom for new directors. Indeed, the problem, says John Roe, managing director of ISS Analytics, which conducted a study of 105,000 directorships, is that most board members get hired based on the recommendation of existing directors—who are mostly male and whose networks tend to consist of other male directors.

 

Interestingly, according to ISS’ research, first-time female board members aren’t common. When a woman fills a board seat, there’s a 32 percent chance she’s already served as a director at another company, the study found. When a man takes a board of director position, however, there’s a 23 percent chance he’s already held a seat. The gap then suggests that to get chosen to be on a board, someone must already be on a board, Roe says.

 

The good news is that the PwC research does indicate a shift is starting to take place. Calls for board diversity and investor influence on board composition have prompted some boards to use less traditional sources to find new directors. For instance, some boards are beginning to use search firms and management recommendations as sources for recruiting efforts.

 

In the meantime, there were bright spots for diversity in Heidrick & Struggles’ report. For one, Hispanic directors made gains, particularly at consumer-facing companies such as retailers and consumer packaged-goods firms. Secondly, tech companies are perhaps now more sensitive to the scrutiny they’ve received over their low numbers of women in leadership roles, Heidrick & Struggles notes. Indeed, 40 percent of new directors at tech companies were women—13.5 percentage points higher than the year before and well above the overall numbers, according to the report.

 

What are your thoughts on increasing diversity among boards of directors? Are there women on your company’s board of directors?