Globalization and regulation, coupled with inadequate investment in compliance programs and third-party risk management programs, are making the proactive identification and resolution of risks posed by suppliers a challenging task. Companies that don’t face up to the challenge run the risk of non-compliant products in their supply chain, and can face serious brand and reputational damage as a result. The key is to accept that supplier management changed; a new and more effective approach is needed, and technology can help with that.
Companies are responsible for managing their brand and reputation, and hence, are ultimately accountable for ensuring risks are identified and accepted, or mitigated within their end-to-end supply chain. In addition to being a good corporate citizen, multiple regulations require conformance with supplier management standards. Meanwhile, corporate social responsibility carries a moral intolerance for unsuitable working conditions and inadequate pay, wherever it may occur along the supply chain.
Companies cannot plead ignorance or exemption if any dereliction of duty occurs outside their four walls when it is part of their supply chain. Instead, they must ensure complete compliance across all suppliers, not only to meet regulatory requirements, but also to preserve the integrity of their own business and protect its reputation. To do this, they need robust, efficient systems and procedures for supplier onboarding, risk management, relationship management and off-boarding.
Sadly, these measures aren’t always in place. Looking at anti-corruption specifically, the 2016 survey from Dow Jones Risk and Compliance, in association with MetricStream Research, found that only 27 percent of respondents from surveyed companies monitor business partners quarterly or more often. While 58 percent of respondents indicated that training on their anti-corruption program is provisioned for partners, that leaves over 40 percent without structured training on company expectations.
In fairness, companies had to catch up to changing circumstances. The supply chain universe is changing rapidly and comprehensively. Globalization drastically increased the sheer number of suppliers that companies use and the variety of countries that they are located in. Business moved a lot faster than operations, so suppliers were on-boarded quickly, but perhaps not as assiduously.
At a time when organizations needed to invest in internal operations and systems to keep pace with change, this obligation was too often neglected. Compliance and risk management are areas where a lack of investment in the short term can cost more in the long term, and companies are now scrambling to catch up.
Adding to all of this is a regulatory landscape that’s becoming very complex. Globalization plays a part here also, as the regulations that companies need to understand are no longer just local. The volume of regulations increased many times over. And each time a regulation changes, policies and procedures have to be updated and tested before implementation. Team sizes, on the other hand, did not increase. The upshot is that automation and more efficient ways of managing regulatory change are needed.
Five big procurement challenges result from this supply chain situation:
- Management of supplier information. Ideally, a central repository for all supplier agreements, policies, procedures, and an audit trail of approvals and workflow are essential, as are details on the products or services that each supplier was approved for. Many organizations don’t have this repository in place. Consequently, they are unable to manage or perform proper supplier risk assessments, and understand the risks that may exist with third parties in their supply chain.
- Avoiding silos in supplier management. Organizations often lack a consistent, centralized way of managing risk, particularly those that grew organically through acquisitions. The risk of managing suppliers in silos is that, over a period of time, there is a lack of clarity over which suppliers are being used, by whom and to supply what.
- Real-time risk information on third parties. Getting real-time risk information on all third parties (or fourth parties) is a significant challenge. There isn’t a great deal of publicly available data, particularly on small suppliers. This can make it hard for companies to identify the risks these suppliers could pose.
- Onboarding suppliers. Without a centralized, controlled process for supplier onboarding, there can be no guarantee that all suppliers are appropriately reviewed for risks. This could end up hurting the company’s brand and integrity. Just as important as onboarding is ongoing supplier monitoring and assessment, which helps companies identify and address any changes in supplier risk.
- Off-boarding suppliers. This process is often ignored or forgotten altogether, which is particularly concerning if a relationship ends with a supplier because of a compliance concern. Individuals within the company need to be made aware that a supplier was, or needs to be, off-boarded; otherwise, they may continue to use them without realizing the risks.
A Better Way
To tackle procurement challenges, companies must first understand their supply chain, and then identify a methodology to manage onboarding and supply chain risk management in a more efficient manner. The key is to focus on higher risk suppliers first, as they need assessing on a more frequent basis.
Technology can help manage and track suppliers, and the risks associated with them by providing a centralized system for information management and documentation control, while streamlining supplier onboarding and risk assessments. Technology can also offer a mechanism for tapping external sources, such as news outlets or social media, to gather relevant information on the financial and reputational risk associated with a supplier.
Companies today must take operational responsibility for their entire supply chain. To do this effectively, while protecting the company’s own brand and reputation, they must deploy best practices for robust supplier onboarding, day-to-day management and off-boarding.
Sonal Sinha is vice president of solutions at MetricStream, a governance, risk and compliance applications company.