Procurement: Less Risk, More Sleep
Leaders are often asked what keeps you up at night?
In my procurement role, without a doubt, it was–- ‘supplier risk’. I had responsibility for strategic sourcing and procurement, so whenever I had time to think about our gaps, supplier risk was on the top of the list. My greatest concern had to do with potential supplier practices that could have possibly caused the company negative publicity or worse -- 'faulty' product. It began to nag me. For a while, I couldn't lift the burden because I did not have the resources to immediately address the issue. My team did not have the capacity to meet the speed necessary for the business and perform the due diligence required to fully vet all of the suppliers. Oh, and by the way, we had way too many suppliers but that and the related tail spend is another topic altogether. I initiated an evaluation of supplier risk tools to help us. As it turns out, a tool should not have been my highest priority. After a lot of research, we realized we should have done much more before implementing new software. At the very least, we should have gathered more information about our suppliers than what is maintained in our accounts payable system.
Once the above information was digitally gathered, sleep was in sight and we were ready for the next steps. Time to figure out our risk factors and risk ratings. We thought about what was important to our business. Our research suggested some risk factors seemed to be common across most organizations.
• IT security - Our technology team was ahead of the game on this, but we needed to partner and look at it holistically. We needed to consider whether or not all of our suppliers had access to any critical systems or network access containing client or employee information. • Financial - If the supplier had financial difficulties, what would be the impact to our company? We had to consider their ability to indemnify us for any claims or their ability to pay resources on our projects. If they don't pay, what happens to our projects? • Reputational - Could we be collateral damage if our supplier is impacted by a scandal? • Business Impact - If our supplier suffers adverse conditions, will our business suffer any, a lot, or not at all?
Other risk factors considered included government regulations, legal, and last, but not least, ethical concerns. For risk ratings, we decided to keep it simple (high, medium, and low). Next, we decided on a tool for monitoring along with some outsourced help to manage the program. I hope my experience can help you with your supplier risk so that you too can have more sleep.
Blog dated 26/02/2018