News U Can Use

A Supply Chain/Strategic Sourcing learning community devoted to ideas you can use in your work or daily life.

Apple Kickback Scandal: A Lesson in Risk Management

Posted by thempowergroup on August 24, 2010

Today’s post is from Dr. Lowell Yarusso, Senior Vice-President, Talent Management, of The Mpower Group (TMG) and a contributor to the News U Can Use TMG blog.

News reports that an Apple global supply manager is accused of receiving illegal kickbacks in return for providing access to inside information about Apple’s sourcing strategies reminded me of an old Baseball story.  A rookie was at the plate for his first at bat in “The Bigs”.  The umpire was one of those old timers who had seen it all.  The pitch came in on the borderline and the ump paused before making his call.  The impatient rookie quickly asked, “What was it?” The ump’s response, “Kid, it ain’t nothin’ ‘til I say it is.” The same can be said about risk.  It “ain’t nothin’ ‘til someone says it is”.

And that’s the rub.  While I’ve talked around this issue in several other blogs and articles, the Apple case focused me on it again.  The early efforts to determine where Apple went wrong seem to point out the frequent tendency to close the doors that have “Entrance” signs and to ignore the ones that say “Employee’s Only”.  Many of the comments I made in discussing employee theft (What’s in the Wheelbarrow: Theft and the Supply Chain) apply here as well.  But, more to the point, how does an employee get the opportunity to take hundreds of thousands of dollars in kickbacks without someone noticing?

Part of the problem lies in the way companies approach the issues of risk and security.  Before you can address a risk, you have to recognize that it exists.  Like the umpire said, until you put a name on it, it doesn’t exist, at least not in the sense that you can do something about it.  One of the key issues I raised re: the Barings Bank collapse (Risk Management Lessons from Barings Bank (RIP)) is the tendency to apply a “black box” mentality so long as results appear to be favorable.  In this case, I can only speculate that, if anyone asked about it at Apple, the response was something along the lines of “We made our goals; everything must be under control.”  The possibility seldom occurs to anyone that, sometimes, things are not just going better than expected; they’re going better than should be believed.

While there are lots of clues to such situations, in most cases, they seem to only become clear after the fact.  The natural assumption is that, because they were recognized after the risk was identified, no one could have seen them in time to do some risk mitigation.  That assumption is wrong.  The clues are always there and are always identifiable IF the organization takes risk management seriously and makes it a top priority, from both a leadership and a management perspective.

Leadership has to make honesty and integrity the cornerstones of the business.  Everyone, from the top down, has to make it clear that there is zero tolerance for behaviors that cross the line.  Apple’s reaction to the scandal has been vigorous and shows the right attitude at the top.  The question that I have is whether or not that same attitude has been driven down through the entire organization.  How many individuals at lower levels were more concerned about what cost goals they achieved than about how those goals were met?  Organizations need to continually and consistently talk about the values and ethics that are expected and the behaviors that will not be tolerated.  A placard on the wall proclaiming that “We are an ethical organization” quickly becomes part of the background if it is neither strongly reinforced nor vigorously applied.  That’s a leadership issue and it requires that leaders make calls on a daily basis so that everyone knows the balls from the strikes.

From the management perspective, organizations have to craft their processes and procedures to reflect their commitment to ethical conduct.  In the sourcing arena, that means that there should be a periodic review of results that focuses not only on such issues as adherence to internal control procedures but also considers whether or not results are consistent with business expectations.  And, yes, every organization assumes its suppliers will bend over backwards to make them happy.  But, if one person has a significantly better track record, if one category area is always out in front in terms of hitting should-cost estimates, exceeding requirements, or in other ways outperforming the norm, red flags should go up.  Unfortunately, such a situation is frequently called “great work” rather than “potential risk”.  And, as in baseball, the pitch becomes what it is called.

Another management issue is that of the reward structure for the sourcing organization.  Bonuses based on cost savings are a two-edged sword.  They not only motivate good sourcing practices, they also provide powerful temptations to cut an ethical corner here or there so that bonus goals are met.  It should be obvious (and usually is in retrospect) that a sourcing group that consistently meets its price reduction goals year in and year out may not be working with the best interests of the organization as its primary motivation.  (I have seen situations where buyers asked suppliers to spread an offered price reduction over three years rather than granting it in the first year so they would be sure to make their numbers now and in the future!)  Here, again, what you call it becomes what it is.

The bottom line is that organizations need people, like the umpires, who look at the pitch dispassionately and call it as they see it.  A great tool in this regard is the application of scenario planning as part of the risk assessment effort.  One approach is to establish a process review system that includes the question, “What would we expect to see if someone broke faith with our ethical code?”  While there is no guarantee that such a review would have spotted the issue at Apple sooner, by naming surprising results a risk, the potential problem might have been identified and investigated more diligently.

What’s your take on this area of risk?  I’m interested in your thoughts, especially with regard to: 1.  Do you think that Apple’s experience is only remarkable because it was discovered, i.e., does this kind of thing go on far more than we realize?  2.  What have you seen that falls into the realm of risks that “…ain’t nothin’ ‘til someone says it is”?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: