LEADERS IN PROCUREMENT

Ep. 4 - Procurement Excellence Through Effective Risk Management: Strategies from National Grid's Paul Howard

Richard McIntosh / Paul Howard Season 1 Episode 3

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 59:48

Proactive risk management can transform procurement into a strategic powerhouse.

Find out how, in this insightful episode with Paul Howard, Interim Director of Global Indirect Procurement at National Grid, as he delves into the critical aspects of procurement excellence through effective risk management. As a seasoned professional with a background in both military and corporate procurement, Paul shares his extensive experience and strategic approaches to overcoming contemporary procurement challenges. The conversation explores the intricacies of supplier risk management, cybersecurity in procurement, and the crucial role of building resilient supply chains.


You'll learn:

1. Strategies to identify and mitigate supplier risks
2. How to secure procurement data against cyber threats
3. Building strategic supplier relationships effectively
4. Implementing contingency plans for critical suppliers
5. Skills necessary for modern procurement leadership
6. Encouraging collaboration across procurement functions

___________


Get in touch with Paul Howard on LinkedIn: https://www.linkedin.com/in/phoward/

___________


Details about National Grid:
Website: https://www.nationalgrid.com/
Industry: Utilities
Size: 10,001+ employees

___________


About the host Richard:
Richard McIntosh, Partner at H&Z Management Consulting, has spent over 23 years helping procurement leaders succeed. Richard is an avid rugby fan, and a children's rugby coach, with a passion for helping children to become their best selves through sports. He spends his time outside of work with his wife and children.

Get in touch with Richard McIntosh on LinkedIn: https://www.linkedin.com/in/mcintosh-richard/

SPEAKER_00

If you've got information there that you're sharing with supplier and you need to do it from a commercial standpoint or an operational standpoint, and it's part of your USP, you know, somebody does a cyber attack and finds that out, then you know your competitive edge is undermined. Yes. It's almost like trade secrets, you know. And I think that's what people should be really um, you know, it should occupy the front of your mind. It's like, what information does your supplier have that belongs to you? And what exactly are they doing with it? Where are they using it? How secure is it? Yes. Yeah. And what happens if that information gets out to a competitor?

SPEAKER_01

Welcome to the Procurement Initiative Leaders Podcast, the ultimate resource for top-level procurement professionals looking to stay ahead of the curve and drive meaningful change within their organizations. I'm your host, Richard McIntosh, partner at HZ, Europe's leading procurement consultancy. Join me as I sit down with Global Leaders in Procurement to uncover the latest trends, strategies, and insights that are shaping the future of procurement. We tackle crucial topics like leadership, technology, value creation, cost management, supply chain resilience, and many more. Ready to up your game as a leader in procurement? Let's jump into this episode of the Procurement Initiative Leaders podcast with me, Richard McIntosh. Today, Paul Howard, Director of Global Indirect Procurement at National Grid, joins us. So I'm delighted to have Paul as a guest. Paul's Director of Global Indirect Procurement at National Grid. Before that, he was Chief Commercial Officer for the New Zealand Defense Force. So brings with him a wealth of procurement leadership experience. Paul, welcome to the to the podcast. Thanks, Richard. It's good to be here. Great, great. So we're going to dive deeper into the subject of uh supplier risk management, which I know is a subject we've we've talked about before. Um but before we do that, be great to um um for you to to give a an intro to the to the podcast listeners. So um, Paul, tell us about your your company, your role, um, and um, and also, but of course, what what you've done before is uh really relevant to our conversation.

SPEAKER_00

Yeah, sure. So um current role um is a contract role uh with national grid, um running a global indirect um procurement team. Uh team of around about term 15 people um that have a remet across National Grids um procurement for indirects across both the UK and the US part of their business as well. So I have people um here in the UK and I also have some people in in New York and New England. Right. Um so we we look after like general management consultancy, um the outsource and like BPO outsourcing, all of those sort of things, travel, um hotels, the usual sort of um ones that create lots of noise for people in the business. Um so yeah, so that's uh I've been there since um December. Uh they're undergoing a transformation at the moment. Um so they they need to sort of double their spend in the next couple of like next few years. So as they strive towards net zero, some some significant investment happening there. Big big transformation across the business, procurement and supply chain part of that transformation. Um so yeah, so that's that's that's the current role.

SPEAKER_01

Yeah, exciting times.

SPEAKER_00

Exciting times indeed. Um the so my previous role um was out in New Zealand. Uh I'd been in that role for um just short of nine years uh as I as I exited out um to return to the UK. Um basically responsible for all procurement um across every single domain, because the the Defense Force in New Zealand is fairly tiny. Um, however, still uh a significant part of the five eyes partnership. Um but it meant that as a role, it was it was um really exciting because we we got to deal with all of the um procurement and contract management and supplier relationship management across some significant defence suppliers, um global defence suppliers, um, but also you know across all of the domains, so ships, planes, um land vehicles, plus all the corporate as well. So um yeah, it was a big role. Um I I'd probably use to venture to say probably one of the biggest roles in procurement in New Zealand. Um and had significant interaction with with other um defences like Australia, New Zealand, uh Australia, Canada, US, UK. Um so great, yeah. Um prior to that I was I was in the UK civil service for just short of 30 years, um, doing various roles there, including being head of procurement at the Department for Culture, Media and Sport, just before I left to go to New Zealand.

SPEAKER_01

Yeah, yeah. Brilliant, brilliant. Paul, thank you. Um that that's great. Um, so let's um let's talk a little bit about supplier risk management, because you've got some um some great experience to to to bring to that. Um so yeah, let's start off with um, I mean, what what do you see as the the the biggest internal threat that procurement procurement organizations are are facing?

SPEAKER_00

I I think when it comes to um supplier, supplier risk and supplier risk management, I think you know we we often don't think about what we what we should be thinking about when it comes to supplier risk. So I think with the the the pandemic really brought it into sharp focus. Um certainly at the time I was in New Zealand, you know, that there was a there was a recognition that we we needed to to lean on our suppliers um quite heavily, especially our trusted suppliers. I think we were quite fortunate in that you know we recognized as being part of but where we were situated in the world geographically, that's a long supply chain. You know, you're three and a half hours for landfall for Australia, um, which means that it it takes an effort to get down to New Zealand. So you have to make sure that when you've got your most critical suppliers, that you're working quite closely with them. And we had a we'd had a program in place for some time, even before I actually joined the organization, where we were building those relationships and long-term relationships with our key suppliers. So when when the pandemic hit, you know, we actually started to lean into those suppliers. On with the with the benefit of hindsight, had we not had those relationships, I think we'd have really struggled. Um and and probably been in a bit more panic. Yes. So, you know, the the risks that come with with not having um good relationships with your critical suppliers, I think is is one of the one of the threats that we that you need to talk about as well. And I think I think the other one is that nowadays it's it's all around cyber, you know, there's lots of cyber attacks.

SPEAKER_02

Yeah.

SPEAKER_00

Um have to be really careful about what information your suppliers have about your business because you know there are there are threat actors out there that are looking to do harm either to your business or even to your country if it's a you know if it if it's that sort of um role that you're in. So you know, you've got to be aware of of of what um what those suppliers hold, where they keep it, how they protect it, um and whether they should have it and what what their sort of you know disposal policies are and things like that.

SPEAKER_01

Yes, yeah, yeah, really key. Um and I know we talked talked about this um this earlier, but the um, you know, we talked about having a uh a supplier risk management framework. Um so be really good if you could describe that to the to the to the listeners and and and and whether that's evolved as you've been through, I guess, through the through the COVID pandemic, which as you said really brought it into focus.

SPEAKER_00

Yeah, I mean, so we we had um, and I think this is this is it's also it is almost unique to New Zealand, but but not necessarily. But if I if I look back to what our um planning was like and our sort of business continuity at the time of the pandemic, so pretty much every single business continuity plan we had was based on a large earthquake. And as a result, it was, you know, our our thinking was actually that might put a building or three or four out of action. So we might need some people who need that need remote access. And so we'd scaled the business and our remote access system to probably about 20% of our workforce just in case a building got took out and we had to tell people to go and work from home. But the first part of the the the continuity element of it was to get them to go to an alternative um office. Yeah, yeah. So nobody saw the the anything from uh what happens if you can't get into any office, and what do we do in that instance? Um so you know, our business continuity plans were completely blown out of the water right from the get-go. So because we because we'd we'd actually built um good relationships with a lot of our suppliers, yeah. Um that meant that we could call upon them to to help us with um making sure that people got the remote access and making sure that we'd got people actually working within you know the the period before we went into lockdown. So that everybody had got stuff. It was it was a really short lead time. Yeah um and I think within about a fortnight we'd managed to get about 85% of our workforce enabled to work from home. Yeah. You know, and that was there was already 20% that could do it, yeah. So it was like another 60% they had to enable. Um so if you look at the the the way that we ran our supplier relationships, we had we had good um protocols in terms of we we dealt with them on the basis of in in different ways. So if they were if there was just a contract, but it was a strategic contract, you would just manage that as a as a strategic contract. We we were then looking to put an overlay on that um of managing the supplier, yeah. Rather than just managing the contract and thinking about the KPIs, we were then thinking of like adding another layer on top of it for strategic relationship management as well. Yeah. So we were able to take that that sort of general approach that we'd got, if you like that framework. So we did that for I think about seven, seven suppliers.

SPEAKER_01

Yes. Where we your your key, your key ones, key ones, yeah.

SPEAKER_00

Our logistics partners, for example. So the people who were doing maintenance on the ships, people who were doing maintenance on the planes, and people who are doing maintenance on the land vehicles. We were able to to very quickly mobilize them. So up in uh up in Devonport in Auckland, they uh for the dockyard, they they went on to a redshift, blue shift really quickly, um, with all the right protocols around it. Um and it was it was the fact that we had those forums to talk about, you know, not only how are you going with the contract, but how's our relationship? And we would regularly do relationship surveys and things like that. So, you know, we had a very um very generic, well, not generic, but we had a very um specific way of dealing with our suppliers. So each of our strategic relationships had a structure to them. Yeah. Um, so each each individual supplier would have a strategic relationship board, and that was the way that we decided to to manage our suppliers. It it was an interesting time for me because I don't think we'd ever done any segmentation of those supplier base.

SPEAKER_02

Yeah.

SPEAKER_00

So it was more by luck than judgment that we'd got, I think we are picked, we managed to get the right suppliers, I think 90% of the time. Right. There was one particular supplier, and I won't mention their name just in case ever anybody listening, but um, there was one particular supplier where we were scratching our heads once we once we decided to go back and do the segmentation, and this one supplier that we we identified came out as not being strategic. Right. The difficulty is that you can't then tell them that they're not.

SPEAKER_01

Yeah, yeah.

SPEAKER_00

You already tell them that they are. Um, so we had to make some tweaks to the way that we dealt with them and the things that we did so that we it was still termed as a strategic relationship, however, it wasn't really managed in that way. Yeah. So, you know, I think it's really important if you're going to build yourself a strategic relationship framework or management, a strategic management, uh supplier management framework, that you do do that supplier segmentation upfront. Yes, yeah, yeah.

SPEAKER_01

Um and just and Paul, how just just give us a feel for the the the the factors that in in that segmentation. Um you know, lots of people think about spend and just go down the the spend profile, but um there's there's clearly more to it than that.

SPEAKER_00

Absolutely, yeah. So so spend is just one element of it. Yeah. Um you know, criticality is is just as much and risk. So um so when you when you're looking at at that, you know, you've got to understand so how critical are these people to our business. If they if for whatever reason tomorrow you can't deal with them uh or they fall over or they go out of business, the question you've got to ask yourself is what would happen in that scenario. Um so we we made sure that we looked at, and I think I've got a, you know, as an example, and this is going back to my days in culture, media and sport, actually, is you know, Cabinet Office once asked us to identify who our most strategic suppliers were because they were doing a wider initiative, right? And we were a fairly small department, culture, media and sport, it's got a massive portfolio and got some really important stuff in there. And they basically gave us a bit of a bit of guidance and said, well, you know, if it's typically it's going to be more than five million pounds a year, right? Um and we don't want to be bothered like monitoring contracts that are like, you know, or suppliers that are, you know, less than that. And then I said to them, well, we do have a contract, it's only worth about half a million pounds a year, but it deals with state visits and it deals with any of the bridge events, yeah, and any and any um weddings, royal weddings, yeah, yeah, events, um, if and remembrance day, trooping of the colour.

SPEAKER_01

Yeah.

SPEAKER_00

And I said if that falls over, everyone's going to know about it. So it's a critical contract. It can't be allowed to fail, and we need to monitor it as a strategic contract. Um, to which, of course, cabinet office colleagues were literally in the we hadn't really thought of that.

SPEAKER_02

Yeah.

SPEAKER_00

Um, so it just goes to show that you know, spend is definitely not the thing that should be attracting you and is not the shiny thing that potentially is. It's it's absolutely about if this falls over, what are the consequences?

SPEAKER_02

Yeah.

SPEAKER_00

Yeah. And what's your reputational risk of failure? So these things like that that we f that we factored into it. It's like, what what will this do to our reputation? Yeah. Um what what would we do in the event that it did? Yeah. All over. And all of those things are factored in so that you can, you know, because like say, if if you've got something like Babcocks who were doing our our maintenance for our ships, yeah, if they weren't around, it's not the sort of thing that you can just snap your fingers and go to the market and say, can someone can just step in?

SPEAKER_01

Yes, exactly. Yeah, yeah, yeah. Great, great. Really, really good examples. Um, and Paul, just going back to that um that management framework that you you you spoke about there in terms of um, you know, what in in that situation of just um how you were managing those critical suppliers. You mentioned a a governance structure there, but um, can you go a little bit deeper into the kind of the mechanism of of supplier management?

SPEAKER_00

Yeah, sure. So we um so we would hold a regular meeting, so there would always be um a strategic relationship board. They were usually every six months. Sometimes they were depending on what it was we were doing, you might you might go quarterly, it would depend on what was happening. Um but you you'd have senior sponsorship in there. So I was just one of uh a number of seniors in there. So you know, we if if I take Babcock, um New Zealand as a um as an example, so the commander logistics, who was one of my peers on uh our management team, that that commander was the if you like, the exec for um for the defense force. Yeah. And he would face into the general manager for the the dockyard. But beyond that, we'd also have my boss, who is a chief of joint defence services, facing into their chief exec for Australia, New Zealand. And we'd always make sure that we were um we had those people in the room. So we never we never ran a meeting where you would have what would what would be deemed to be tactical level. So there was there were two layers to the to the governance. So there's a strategic relationship board, and underneath it was an operational management board. Yeah. So the operational management board was was full of the people who were making things happen on a day-to-day basis in in whatever contract it was.

SPEAKER_02

Yeah.

SPEAKER_00

Those what you tend to do is get those representatives sitting in on the strategic relationship board. Yeah um, and and the sort of agenda was to look at generally at the if there was more than one contract, you look at all the contracts and you'd look at the performance of that. But that would only be one facet of of that particular meeting. Yeah. Because we'd also be talking about sort of where where we were up to on initiatives around, say, health and safety or further investment into say the dockyard, um, whether whether the incumbent supplier would say pay for a bit of infrastructure uh and own it and run it, and and think about the commerciality of the deal as we as we go through.

SPEAKER_01

Yeah. That's that's great. I mean, it's a really, really good example there of strategic supplier relationship management. So not just not just a procurement internal assessment, but actually um you know, uh cross-functional collaboration and that mapping of the right people to have to have in the room. Um, I guess as with with procurement as the facilitator of that.

SPEAKER_00

Yeah, we we were very much we we were the facilitator. We were the people with the people who were making it happen. And my role on the strategic relationship board was as a laser focus on the commerciality. Yes so you know, I I was almost first sort of facing off to their finance person.

SPEAKER_02

Yeah.

SPEAKER_00

Yeah. Um so um but but it was very much owned and well so these things were co-chaired, so it was always co-chaired. So the Australia New Zealand chief exec uh or whoever the principal was on the supplier side would would chair the meeting. Yes, you know, and they take turns. So you might have the chief of joint defence services doing it one one time, and then you would have the um the the Australia New Zealand chief exec doing it the time time after. Um it it really helped when when we came sort of we had to make a decision about the dockyard because the the actual um contract was running out and it was run and it and it was we were just about to step into a major market um exercise and the pandemic hit. And what what we had to do was we had to to make some really tough choices around how we were going to, we didn't want to just extend the deal that we got. We didn't think it was fit for purpose, neither did the supplier. Um we had to consider whether we could do an international competition. We couldn't. Yeah um and we decided and we took we took a number of options to the board, um, to the chief of defense force and said, what do you want to do in this instance? Um and we managed to we we got a decision which was basically we need a brand new contract, we'll we're gonna have to single source it. We had to go and we had to go and run that past the government, right?

SPEAKER_01

Because of that risk, because of that exposure, yeah.

SPEAKER_00

Yeah, because of that risk exposure. So um, but what was really significant is we managed to do a brand new contract with a completely new commercial model and get it all ready in like less less than nine months, yeah, fully negotiated. And I think if we'd not had that structure around how we ran that relationship board, I think that would have been that would have taken us much, much longer.

SPEAKER_01

Yes.

SPEAKER_00

Yeah. So there's a there's definitely an investment there in making sure that you've got some some pretty big clout in the room actually when you're doing this thing. If you're serious about it, then you know it can't be a conversation for me just between procurement and the supplier.

SPEAKER_02

Yeah.

SPEAKER_00

Then reflected back into the business. The business has has to own it.

SPEAKER_01

Yes.

SPEAKER_00

And and and love it and run it.

SPEAKER_01

Yeah. Yeah. I think it's a it's it's a great example. And and your description there of of it as an investment is is is spot on because you're you're investing in that for um, well, for the for that commercial future, but also for that contingency. So when you know, when something does require action, you you've got those relationships built. Um, and yeah, you can you can react quickly.

SPEAKER_00

Yeah, absolutely. I think you know, we saw that as well with um uh catering and hospitality provider.

SPEAKER_01

Yeah.

SPEAKER_00

So compass group with with our uh hospitality provider. And obviously to a pandemic, you know, that hits these people who live on the camps and bases. Yes. And they're dependent upon those services. And literally, you know, they say the government is saying, right, everybody go home.

SPEAKER_02

Yeah.

SPEAKER_00

So, but I have to say that again, and I think a lot of it was due to the relationship that we'd got and the and the the loyalty that we got from that company, Compass Group were amazing. They stepped up really well. You know, they they just they just pulled, you know, really pulled it out of the heart. It really were great. And and again, I think if we'd not had those strong relationships or that strategic relationship with them, um I think that would have been much more difficult conversation to have with them about we need your people to be on camps and bases, and we need them to expose to a little bit of risk around the around the actual um virus, you know.

SPEAKER_01

Yeah. Yeah. And it's um, and it's then, you know, you realise that, you know, you've got something more than just just uh a contract with service level agreements, you know, that relationship enables you to to to to change and and to react. Yeah, great, great, great example. Um, Paul, let's uh let's let's switch a little bit of focus and we you know talk about um the supplier risk assessment. So now looking towards you know building your supply base or new new suppliers. So um I'm interested in the you know what so from your perspective, what are the the the key factors that you consider in a supplier risk assessment?

SPEAKER_00

Well, like say before, it was like so the some of it is around that criticality of what what they what they provide. Yes. Um and um spend obviously comes into it because you're not you're not going to be spending with, you know, if you're not spending a lot of money with people and it's not that important and you can switch you know your supplier, it's not a big deal. Um I think I think some of the other stuff that we look at as well is um we we started to look at at sort of culture as well um and looking at at where their um sort of their protection systems were, if you like. Um so we're also looking at obviously their financial health, yes, um and where you know where they're concentrating their effort. Yeah. Um as with any sort of you know company, you want to make sure that you're not dealing with somebody who's not got the right um protocols in. So, you know, you want to you want to look at their track record around um environmental standards and um and and you know make sure that they've not got any slavery in their supply chain and things like that.

SPEAKER_02

Yeah.

SPEAKER_00

Um the the I think the really tricky thing about um supply risk is that you're not really sure who they're working with and what their supply chain looks like. So you need to try and get as much transparency around their supply chain as you can, especially nowadays.

SPEAKER_01

Yeah, yeah, yeah. And and that, you know, that that's that's the perfect example, isn't it? To you know, could you know how so what how deep were you looking in those, you know, for those I I give more important suppliers to to you?

SPEAKER_00

Yeah, so so what we we actually started to work with uh a couple of of companies that were doing that sort of due diligence, but they weren't they're not not like the um sort of Dun and Bradstreet type of thing. Um, but we've been talking to a company called Exager, um, who do a lot of that work around so a bit like um what risk methods? Um I'm not sort of they've changed their name recently, but um so we were working with a company that was giving us insights into certain um companies around a whole bunch of of different elements around their um ESG, but also down their supply chain. So what was their tier two, tier three, tier four? Yes, um, and who were they dealing with? Yeah. And and we would we would commission reports if we if we weren't really sure.

SPEAKER_02

Yeah.

SPEAKER_00

Um so we would we wouldn't do it if you like routinely because it was just it was too much. Um but we'd if we felt as though there was something that there that needed exploring a bit deeper, we'd use the company like that to actually say, right, okay, we need you to hone in on XYZ, you know, yes to see where they're at.

SPEAKER_01

And then if if you were if if you were seeing, you know, if you you were concerned there in the you know, you're seeing something, I mean, what what type of contingency planning were you were you putting in place?

SPEAKER_00

So for for our critical suppliers, yeah, um we started to look at the possibility of having proper contingency plans. Yes. So um, and when we said proper contingency plans, what we meant was if we if if we made an assessment that there was a supplier, that if we if they stopped functioning tomorrow or were taken over by a company in a jurisdiction that we couldn't deal with, then our sort of our head scratching would start to like what what would we do? Yeah. So started to build those contingency plans that said, would we would we in source? So that might be an option that we just basically just go and try and secure the people in that organization and try and get them to work for us.

SPEAKER_02

Yeah.

SPEAKER_00

Um, another option would be to have a first reserve. So there were a couple of um organizations that we spoke to and basically said to them, if the worst comes to the worst on this, we're not expecting anything to happen, but know this. If it if it did, we're likely to turn to you. Yeah. So it's just that we want you to be aware, we don't want it to come out of the blue, that if things go for us, that we're we're possibly going to come and ask you to step in.

SPEAKER_02

Yeah.

SPEAKER_00

Um, and and as as you can imagine, that conversation probably took the well, it took them a little bit by surprise.

SPEAKER_01

Absolutely. You yes, you're not expecting as a in a competitive world of of procurement and tendering that um to be, yeah, the a losing supplier to be given a first reserve position. Quite an interesting concept.

SPEAKER_00

Yes, it is. Um, and and you know, we did make it really clear to them, you know, this isn't a this isn't a guarantee of anything, of any future business. But what it is is a recognition that we think you're you know competent enough to deal with. We know that you didn't, you, you didn't, or you weren't successful in gaining this business. However, that doesn't mean say that we wouldn't do business with you. You just you were just bested on the day. Um and rather than just say to you, well, you know, you've got a chance next time, it's like literally, you know, because if we do need to to step away from this organization, we'll we'll come, we'll come and ask you. Yeah. Because, you know, we won't have time to take it to market because we'll need to get someone in fast, yeah, to to carry on the service that we need. And then we'll think about how we compete it later on down the line. So we're saying to them, we'd expect you to step in, we'd be happy to to negotiate with you. Yeah. Doesn't mean to say you're going to get the business forever, it just means that you're there until we can get, yeah. But what it does do is it gives them a it give it again, it helps, I think, when you're, you know, thinking about um making sure that the market is is maintained and that you keep you keep them keen instead of just pushing them away with a with a general debrief and saying, you know, that's that's it for the next however many years. Because certainly in where it was in in New Zealand in defense, you know, we were we were moving more and more towards longer term agreements, you know, that were 10, 15, 20 year horizons, and in some cases 25 year horizons, because we would buy an aircraft, for example, and we'd just say, right, well, for 25 years, you've got the gig to look after us. Yeah. So it doesn't make any sense to do anything other than that because it costs us more money to go out to bid. Yeah. Um, but at least in in that scenario, you know, you are saying to people if things go wrong and we can't work with these people, then you know, we'd we'd expect to step into you at that point.

SPEAKER_01

Yeah, and it's a really, really good insight into that that strategic management of the supply market. You know, that it's very easy for us in in the procurement world to think, you know, think very short term, you know, right, I've closed, I've closed that tender, I've selected my supplier, nothing else matters. You know, that fire and forget mentality. But actually, that's such a good example of of thinking about just how how the how that supply market is going to continue and what needs, you know, how you need to manage it from a long-term view.

SPEAKER_00

Yeah. I mean, it's not something you advocate to do in every every case. It's like it is really for those things where you've made an assessment and you and you know it would be almost catastrophic if you can't um if you can't do something in that space.

SPEAKER_01

Yeah, yeah. Yeah. And just on, I mean, quite interested in that that process of contingency planning. I mean, can you give some insight there into that kind of presumably a cross-functional approach again, with uh rather than just a a procurement study?

SPEAKER_00

Yeah. So so we uh I think we I was quite fortunate really when when we're in defense in New Zealand, because the you know, the sort of the the the joint defense um services, yeah. So I was peer with the commander logistics who owned all of the um sort of maintenance repair and overhaul for fleet for all fleets. Um but also I was a peer of the CIO and the chief information security officer as well. So we had a when when we started looking at say um cyber security, we we were working in tandem. We had we had a working group, or if you like, a steering group that included me, the CIO, the commander logistics, and the chief information security officer. Yeah. Whilst we were thinking about because obviously when when the pandemic hit, um, I think it's pretty well known that the amount of cyber attacks just went up in like exponentially, exploded. Yeah. Um and we'd we'd already been considering what what we needed to potentially do around cyber, especially for our suppliers. Um because it was uh it was becoming increasingly you know obvious that one of the ways to disrupt um is to disrupt supply chains. And especially in the defense, you know, I mean the the it's the old ad age, right? An arch army matches on its stomach, right?

SPEAKER_02

Yeah.

SPEAKER_00

It's like so there are lots of ways now to disrupt supply chains without ever having to bomb anything.

SPEAKER_01

Yeah, yeah.

SPEAKER_00

Or plant viruses in there or do whatever they do they can. So um we were worried about um the denial of service and all that sort of stuff.

SPEAKER_02

Yeah.

SPEAKER_00

Um, so we put this working group together, and to to give you a really, really good example, it's uh um and and things that people need to think about is so one of my one of my junior buyers got a phone call once out of blue from one of our quite strategic suppliers saying, uh, just wanted to let you know that we've had we've had a DDoS attack, yeah um, we've we've had a look, but cursory look, and we don't think that any of your information's got out there.

SPEAKER_02

Yeah.

SPEAKER_00

Uh at which to which point we said, and and then followed it up with a comment, I think, that was along the lines of, anyway, it was a little bit worse than the previous one. Right. Yeah. So this junior buyers doesn't really know what to do with it, says to a line manager, like, this is this, I've got this information. Yeah. It gets it gets eventually gets fed into me. And I'm going, hang on a minute. So just so I've got this clear then. So they've had a DDoS attack, but it wasn't the first. And they didn't even tell us about the first. Now they've had a second one. They've told us that they don't think there's been anything stolen or whatever. Yeah.

SPEAKER_02

Yeah.

SPEAKER_00

But how do we know? And how do they know?

SPEAKER_02

Yeah.

SPEAKER_00

And and so one of the things that you brought into sharp focus for us was that there was no mechanism, no agreed mechanism for suppliers to know what to do. Yes. That particular instance. Yeah. We took a we took quite a critical look at ourselves in this as well, and thinking, well, you know, it's not all on them, right? We we're just fortunate that they've told us, actually. So some of the stuff that we put together with the help of the uh the chief information security officer and his team was a number of clauses to go into uh into our um contracts, into our model contracts, so that we could we could relate to people. This is what we want you to do in the in the event of a cyber attack. And here's your instructions, here's what you must do, and here's here's all of the things that we would expect you to do. Yeah. On top of that, we'd also be tell telling them what we wanted them to do to protect information.

SPEAKER_02

Yeah.

SPEAKER_00

Um, and I mean, you know, people talked about cyber insurance, and and we had a good debate about cyber insurance, and they're still, I know that there's lots of people who are who are thinking of having that, but as we said at the time we had this conversation, and it was along the lines of what's the point in us being compensated with money if our information is already out there and it's gone. Yeah, there's no there's no amount of money is ever going to compensate us. So paying premiums for cyber insurance seems a bit stupid.

SPEAKER_01

Yes, yeah, yeah, a very just reactive tick box mentality compared to actually really thinking through where's the where's the vulnerability and and how can we how can we mitigate that.

unknown

Yeah.

SPEAKER_01

Yeah, I it's an interesting one you raised, Paul, about the just that, I mean, the cyber, the cyber threat and you know what what that can actually mean to your your supply chains and and your organization, you know, it's something we don't really think too much about, but obviously, you know, coming from particularly from a defense perspective, but probably something we can all learn in other sectors.

SPEAKER_00

Uh absolutely. I mean, you you know it could it could severely compromise your competitive edge. Because if you've got information there that you're sharing with supplier, and and you need to do it from a commercial standpoint or an operational standpoint, and it's part of your USP, you know, somebody does a cyber attack and finds that out, then you you know, your competitive edge is undermined. Yes. It's almost like trade secrets, you know. And I think that's what people should be really um, you know, it should occupy the front of your mind. It's like, what information does your supplier have that belongs to you? And what exactly are they doing with it? Where are they using it? How secure is it? Yes, yeah. And and what happens if that information gets out to a competitor?

SPEAKER_02

Yes.

SPEAKER_00

Yeah. Yeah. It's um, because it, I mean, you know, some of these people who are hacking in their stuff, it's they they're looking for they're looking for stuff that's lucrative, right?

SPEAKER_01

Absolutely, yep. Yeah. I mean, you've come from that um national defense perspective. Um, but you know, you apply that to a competitive scenario, it's um the those lessons transfer, don't they?

SPEAKER_00

They they absolutely do. And um, you know, it's I don't think I don't think that we're doing quite enough in that space, I think, as procurement people. I don't think we're doing enough work around that protection of information. And I think people just assume that everyone's going to be okay with it.

SPEAKER_01

Yes, yeah.

SPEAKER_00

And they've got it protected.

SPEAKER_01

Yeah. Do you think we've probably left that to the, you know, we feel that that's in the realms of the of the CIO or the or or even you know, or the or an IT function that should be worrying about that. And but actually we should be worrying about our our supply chains and our and our suppliers.

SPEAKER_00

Uh yeah, absolutely. I think, I think, yes, it it does start in that domain, right? It does start in the in in the IT domain. Yeah, you know, as as uh our chief information security officer was very, very clear to me is that Paul, you own, you own the commercial information in this organization. I don't own it. Yeah, you own it. What what can I do to help you? And what can you do to help me to make sure that in our supply chains are secure when it comes to an information security point of view. Do we think enough about when we impart when we're when we're going out to the market of what information we're sharing, both within tender documents, but also as we go through a contract with someone, if you know, there are necess, you know, necessarily you need to share information with them. You've just got to be really clear about, you know, I think people are a little bit complacent and just say, oh, well just tell the supplier. And it's like, is that information what class is it and and what does it look like? And certainly from and I I think we look at it from a secure point of view and a security point of view and a data protection point of view, but I'm not entirely convinced that it's enough concentration on the commercial information that we're we're exchanging with our suppliers and the vulnerabilities that that might that might be subject to.

SPEAKER_01

Mm-hmm. Mm-hmm. That's good. Really, really good example. Great. Paul I wanted to also just touch on on um you know building procurement teams because I know you've you've had some um real uh experience of of of yeah building developing and managing quite large large functions. And yeah I I guess the you know if we if we if we look at the top first so I mean you know what what what are the most critical skills you see for for procurement leadership now?

SPEAKER_00

I I do think that you've got to have you've got to you've got to have a lot of EQ nowadays to be a government leader. You know the the changes that we've seen in the way that people work and and how people work uh and where they work yes um means that you need to be very sensitive I think to the way that you know people's personal circumstances and I think in a way that we've never done before.

SPEAKER_02

Yeah.

SPEAKER_00

I think you've got to have a good you've got to have a good nose for risk as a procurement leader to understand both commercial operational and other risk factors and be able to apply those to to your world and to the world of everybody else. Because I mean you know I I think I once said to one of my colleagues you know procurement and I don't I don't know really whether I'm I'm going to say this wrong but procurement knows everything about the business because they know everything that you buy. Yes and and you know you you're the you're the aggregator of you know you could almost you could almost be the person that says is your strategy working yes yeah just by what you've bought and and how you go to the market. Yeah um so you need to be able to to be able to work cross-functionally so again you need to you need to be a good communicator and and a good networker so you've got to be able to and and and as as we always have have to be right is great salesman.

SPEAKER_01

Yes absolutely yeah yeah but actually what what what's really important there is that you know you you're reflecting there the the strategic value of of procurement you know when when procurement's involved at the at the right level and thinking in the right way just how important that is to the to the the functioning and the uh and the performance of the business you know as you say you're you're taking on that role of of you know a of protector in a way think thinking thinking what could possibly go wrong and making sure that can't that can't happen. Yeah absolutely yeah and just go just going back to that um that that talent perspective so you know you talked there about you know you know really understanding the people that you're that you're that are working for you but you know how how does that translate into into getting that talent and keeping that talent you know it's quite a management challenge now.

SPEAKER_00

Yeah it it it is there's um there's lots there's always got lots of competition for good people um so you know you've got to you've got to have a good employee value proposition yeah um and and whilst that's a part of it you know we're we're seeing sometimes salaries you know we're not sometimes we're not paying the right salaries yes um with and I think that um we wonder why we're not getting the right people then you know at the end of the day you can have a good employee value proposition you can have great benefits and and but you know nowadays there isn't I I I've looked at jobs in the last few weeks just to get an idea of what people are offering and and you know the soft benefits they're pretty much of a muchness now you know most people are offering 28 to 30 30 days holiday per year lots of people offering like life insurance gym memberships all this sort of stuff so you know the the things that were differentiators maybe three four years ago and and not anymore because everyone's sort of caught up with each other. Yeah so it's it's really difficult to see where more soft benefits could come in. Yes um you know flexibility I think is one of the things that that is certainly there. But again there's quite a lot of people saying well you know you only have to come in the office like once a week. Yeah you know and that's the sort of thing that's appealing to the workforce nowadays. Yes you know they don't want to come into an office every day of the week. Yep. But like say those those softer side benefits are not you know they're all much of a much nice um yeah which means that you know it goes it goes back down to that horrible word of money again.

SPEAKER_01

Yeah yeah um and that and that also that comes back to the the you know the the value of procurement and you know I you you know we and and maybe that that's the the the old way of thinking where procurement was seen as the uh the the transactional processor you know a a gatekeeper uh processing of purchase orders um but actually what you know we we're we're talking about you know real commercial skills you know the the the talent and the the impact that comes from commercial people um and and that potentially that's still undervalued yeah I I think it is um I mean certainly but in in in the defense force in New Zealand you know I lost I lost count of of the amount of times I had to say to RHR people that you know one of the reasons why I was down under was because it was a shortage skill.

SPEAKER_00

It was on their immigration lists of shortage skills procurement right yeah um so everybody's fighting for that for that same resource right which is limited um and HR didn't get it I was saying look you know our salaries are are not just uncompetitive that they're a mile behind the market yes um and they were saying well you know we're in five percent of the median I'm like you you you're you're not understanding what I'm saying what what I'm saying to you is there are people paying up to 20 25000 more for a where where we are above their base level. Yes and so no matter how good our soft benefits are and no matter how much you appeal to people about wouldn't it be great to work for this organization because it was I mean that was it there's no doubt about it the procurement in that organization was you're not going to get that anywhere else you're not gonna be working with like global defence suppliers yes and stuff like that. You're just not going to get that um but if you haven't got the right money people won't come yes absolutely yeah so there's there's a there's a definite war for talent and it's still going on um I do I do think that some sometimes you just got to get real about how much money you're going to pay people and it might it might bark but you know if you just if you just think of you know if I if I think about what I list on my C V in terms of the savings that I've achieved or the the savings opportunities I've created in the last 25 30 years well that's that's in excess of like 500 million pounds. It's like I haven't even got a like a sniff of of that in terms of money I've been paid.

SPEAKER_01

Yes it's like so there's there's the value there's there's the value there's the value proposition absolutely and and of course that that's just on one perspective that's just a savings perspective and you know I think where you know procurement can be very undervalued from so many different perspectives. You know we've talked today about about that risk you know that's a protection um value that impossible to quantify but could be catastrophic if you're not doing it excellently.

SPEAKER_00

Yeah and I think as well you know that's that the assurance piece as well so you know we we've got certainly in a regulated environment right we we've got a duty to keep the business safe. Yes so there's always going to be people who don't want to follow the rules right um and and unlike private sector or most private sector you you know you you can have your policies in place but you're not going to end up in court if you if you don't follow your policy right or you know in a regulated environment you're potentially going to end up in court and it's it's not the case of of of you know the worst thing that happens when that happens is your reputation goes down the pan and that's the biggest thing. Yeah um so we we're also in that protection mode as well so it was it was quite interesting sometimes in in defense force you know you get people coming to me saying you know banging the fist on the table saying you've got to do this and your people have got to do this yeah and um and and had the and if you don't I'll go to your boss thing. Yeah yeah and it's like okay that's fine the you know you you you're breaking the rules and we're not we're not going to allow you to do that. Yes because you're not not your boss not your boss's boss or your boss's boss or or your boss's boss but the boss has said you you are not to break the rules yeah and and so if you want to have a conversation with him about breaking the rules then go ahead because we're fairly confident that he's going to tell you to stop being so silly. Yes but but do you really want to have that conversation with the chief of defense force?

SPEAKER_01

Yeah exactly yeah you know so yeah great great um Paul that's that's fantastic um a few quick questions to to wrap up same questions that we ask all of our all of our guests um so um and uh the the the one that everyone loves is how how did you get into procurement?

SPEAKER_00

I went for a job with HR yeah no seriously I went for a job with HR uh I wasn't successful um but the person who interviewed me basically said there would there was somebody who was going to leave but didn't yeah um so they said so actually had we had we been giving you giving the job out you we'd have definitely taken you but um I've got a I've got a mate that works in another branch yeah um and he's looking for someone and I think you'd be perfect for him so do you mind if I put him putting put me onto him so I said no of course not I'm I'm quite happy to have a chat with someone I didn't even know it was procurement until I actually sat down with him and had a coffee with him um and the and the rest as they say is history the rest's history excellent great and then um and then looking you know looking back now you've you know you've had um experience from so many different different angles um so you know you know what what what do you recommend to anyone for a a successful career in in procurement um I think it's I think I think for me it's it's develop it's develop your network um and um always have an open mind about what you can do rather than what you can't do.

SPEAKER_01

Yes yeah great great um and then yeah lot lot last question Paul um so you know there's I'm I'm sure the the the procurement initiative network is um will be wanting to uh talk to you but um so where where where can people get in touch with you uh so I'm I'm on LinkedIn you should be able to find find me on LinkedIn um and uh what give an a I I'll probably give an email address out as well. Okay great great well we'll put that on the on the podcast chat so we'll put your LinkedIn connection there. So so great if people want to uh pick up on those subjects they can they can get in touch. Yeah sure great um Paul thank you very much that was um really informative really interesting and really appreciate your time on the podcast thank you thanks it's been a pleasure great great um that was that was really good yeah really good um here's here's the question um anyone you think should be the the next podcast guest any it's a good question that um ah I I've been I I mean I I don't know whether any of my people how about Ian McGill have you have you come across Ian McGill I don't think so where's where's Ian so Ian runs his own business I think he it he it it does a lot around about sort of procurement data transparency and and things like that.

SPEAKER_00

So yeah yeah um I don't that would I don't know whether he'd be it'd be interesting or not but I'm sure it I'm sure he probably would be because he's got he's got quite a lot to say around that you know data transparency and um getting visibility of tenders coming out of government and stuff like that.

SPEAKER_01

Okay okay that would that would be good um oh I'll find him on on LinkedIn or perhaps maybe you could just connect me up maybe that would be I'm more than happy to to connect you up I'll uh great make a note of that. Oh thank you. Thank you for joining us on the Procurement Initiative Leaders podcast. I really hope you enjoyed it. Looking for more procurement insights tips and developments from leading procurement professionals? Join our procurement initiative community on LinkedIn. Just open LinkedIn and search for the procurement initiative and be sure to hit that subscribe button to never miss another episode. Thank you for listening