Keywords: supplier risk management, risk management, srm, procure to pay, supply chain disruption, UK bribery act, shared services
Sarah Feurey | Article | 29 November 2012

If you work in procurement, supplier risk management should be on your radar – but are you aware of all the risks you face?
All professionals involved in the procure-to-pay process should be aware of this important issue. Why is this so important?
According to Terry Kohn, Principal at Hookeo Consulting Company, whom Susie interviewed in our recent webinar, “The penalties are gigantic, the risks are huge. It would be considered fundamentally a gap in preparation if the CFO wasn’t actively and aggressively putting a governance structure in place.”
In terms of the supply chain risks, shared services leaders need to be concerned with:
While most professionals in purchase to pay are generally aware of the need to ensure critical suppliers are risk assessed, they should also be aware that governments around the world are taking an increased interest in managing risk on behalf of the corporations that reside within their territory, as well as their activities abroad. As Kohn said, “They have become assertive and aggressive and the fines have been huge. They have started to put people in jail.”
The UK Bribery Act, The Foreign Corrupt Practices Act, child labor laws, and conflict metal laws are just some of the laws that have impacted major companies. If you think this couldn’t happen to you, here is a glimpse of some of the recent top fines and damages companies have faced through insufficient supply chain management:
Not only are the fines and the hits to reputation tough, but Kohn said that in some cases the bad press and uncertainty have led to share prices falling 25% overnight.
What does compliance look like?
Kohn said that it’s common for companies to take a half-hearted approach to risk management. These types of approaches are generally reactive, based on suggestions from a third party or responding to a disruption in your supply chain. However, this type of approach generally isn’t good enough, he warned, particularly if you need to monitor all of your overseas subsidiaries.
Good compliance programs remain fundamentally a process, Kohn says. To do it well you need to understand what a good supplier risk management process looks like and understand the operational management of risk and regulatory risks. There has to be a very definitive process that is followed in terms of roles and responsibilities and job descriptions around supplier risk management. Progressive organizations will examine their process and get a good understanding of their current approach to risk before implementing new processes supported by tools and a governance structure.
Which of your suppliers should you worry about?
It’s not just about assessing your top 50 or 100 suppliers, Kohn says, because very often you already know the details of this tranche of your suppliers and they have a vested interest in doing the right thing for you. The suppliers that generally pose the risks, he warns, are usually outside the parent company’s geography, and the risk is magnified dramatically in geographies where risk profiles are higher (Kohn named Africa, Latin America and Russia as areas that pose higher corruption risk). In these hotspots, the type of risk management you might expect to be put in place isn’t always the cultural norm. In these regions you can’t just rely on the country managers to manage the risk.
Kohn says there is a pretty well defined approach that, over time, has proven to be the best approach for addressing this whole supplier risk management activity. Here are some of his key tips:
1. List the risks. You should start with an assessment of the inventory of operational and regulatory risks associated with the business.
2. Vet your suppliers. The UK Bribery Foreign and Corrupt Practices Act requires you to vet 100% of your suppliers before you spend a dollar with them. Kohn warns you need a very refined process where you typically look at a number of databases to assess whether suppliers or their employees have been indicted for criminal activities.
To assess your supplier risk, you need to build a tiered assessment of your global supply base down to the category. Have your suppliers been vetted against your list of operational and regulatory risks? Kohn recommends that, instead of vetting each organization individually, you use a third party to go in and inform your organization on vendor resiliency, information security breach potential, financial risks, conflicts of interest, and legal or regulatory missteps at corporate or officer level, so that you can quickly decide if you have risky suppliers that require further information.
3. Act on your intelligence. What emerges from these exercises is a few different categories of company types: a large list of companies with no issues, some bad suppliers that you will need to exit from, and medium-size lists of companies that require further investigation.
The role of your shared service organization
The shared services center has an essential role to play in supplier risk management. When shared service centers aren’t involved, this generally indicates a weak approach to supplier risk management. Finance shared service organizations play a crucial role in managing supplier risk in a few important ways. Shared service centers generally manage the purchase orders, manage master data and process the invoices. These pieces of information generally have all the data you need to build a risk profile. Access to this data makes the shared service organization a natural fit to support supplier risk management.
Kohn says that supplier risk management is a process. It’s not just a strategy or a set of published policies and procedures on your website; it’s actively managing supplier risk. You have to be able to assess current activities, vet your suppliers, and have the metrics and governance guidelines in practice. You need to design a plan, implement it, then monitor success.
For more information watch the webinar 'On a scale of 1 to 10, how large is the risk in your supply chain?'.