SlideShare a Scribd company logo

My slides

Download as DOCX, PDF
V
veronikako
1 of 9
To succeed in today’s global economy, businesses face intense pressure to produce and deliver better products and services to the market faster and more efficiently. To achieve this, they need to exchange sensitive information efficiently and extend their business processes to include partners and suppliers across industries and geographies with diverse regulatory environments. Organizations should proactively initiate an information risk management strategy to understand and prioritize risk in a consistent and repeatable way, and then target solutions that map risk profiles to protection levels. Sensitive information assets expose organizations to risks that can damage their reputation, compliance posture, or competitive position. Supplier risk management is an evolving discipline in operations management for manufacturers, retailers, financial services companies and government agencies where the organization is highly dependent on suppliers to achieve business objectives. Outsourcing, globalization, lean supply chain initiatives and supplier rationalization have contributed to a highly fragmented model, where control is often several steps removed from the corporation. While these models have allowed companies to reduce overall costs and expand quickly into new markets, they also expose the company to the risk of a supplier suddenly going bankrupt, closing operations or being acquired. To overcome these challenges, companies mitigate supply chain interruptions and reduce risk with strategies and tactics that address supplier-centric risk at multiple stages in the relationship:  On boarding: Bringing suppliers into the operation with registration that includes:  A centralized supplier registration portal  Integration of third party performance, financial data and predictive indicators into the supplier profile  Monitoring for stability beyond financial data, including:  Criminal and terrorists (i.e. Office of Foreign Assets Control) ties and operational performance  Visibility into potential disruptions caused by geopolitical threats, acts of nature, etc.  Cultivating strategic supplier relationships for the long-term:  Leverage supplier scorecards for continuous improvement  Establish and use benchmarks for measuring supplier performance  Creating a system for collaboration and supplier development  Establish control across the extended enterprise:
 Create integrated supplier networks  Extend performance management benchmarks to second and third tier suppliers Optimizing Supplier Risk Management Question: How can the bank optimize its vendor risk management efforts? Answer: Conducting business in a world wired for instant connection is constantly changing. It‟s complex - teeming with technology and overflowing with sensitive information. Expectations are that regulatory enforcement for assessing risk of outsourced suppliers will increase, not decrease. The bank‟s responsibility for developing a cost effective due-diligence process for finding and resolving high risk issues is abundantly clear. Does that mean that you need to develop a program that provides due diligence for every outsourced supplier or vendor of the bank? Absolutely not. The expense and low probability of success is much too high. However, by breaking the process into layers (triage), the bank can continually winnow down the list of suppliers to those who constitute high risk to the enterprise. Those suppliers who are „ticking time- bombs‟ are the ones that require immediate attention. For example, the first layer of process is to leverage information already captured by your vendor procurement group which identifies the vendor‟s geography, corporate information, business process, financial reporting, existing compliance practices, and contracts. This will identify many vendors which do not provide an IT or data security risk. Many, if not most third party relationships, do not rely on access to your confidential data and networked connections. The second layer would tap into information available through public sources. This data creates a risk profile based on indicators for business, financial, and geographical factors of the third party. Again, such analysis identifies those third parties‟s that do not require the third, final and more expensive step requiring a focused due diligence process. Probable success in tracking down the high risk supplier from this reduced number of suppliers and vendors then becomes substantially higher. Key Drivers of Successful Supplier Risk Management The global recession proved perhaps the most challenging period ever, or at least since the Great Depression, in terms of managing supplier risk, as companies had to find new ways to both assess that risk and enact mitigation strategies as suppliers struggled to stay solvent. While the worst may be over, in these dynamic times supplier risk management will stay high on the procurement priority list, and companies need a formal process for managing that process. Research shows that on average large companies encounter a major supply chain disruption every 4-5 years. Just this year, for example, network equipment and other high tech companies have battled shortages on very basic electronic components, leading such as Ericsson, Nokia, Alcatel-
Lucent and other firms to report pretty significant hits to revenue in Q2 and falling stock prices because they simply couldn’t deliver the goods to customers. The Boston Consulting Group (BGC) recently did a survey of procurement executives around practices and processes for supplier risk management (SRM), an acronym which unfortunately is also used for supplier relationship management. Regardless, Boston Consulting defines supplier risk management as “the use of processes and procedures to offset any risk factors that could interrupt a supplier's ability to provide an organization with needed raw materials, components, or other inputs or services. It says typical risk factors include: financial risks that could affect a supplier's solvency; operational risks that could affect quality, logistics or pricing; market risks related to regulatory and geopolitical events, or changes in commodity prices; major catastrophes and natural disasters; and anything that would compromise a company's brand, intellectual property or proprietary processes. Writing in The Institute for Supply Management’s Inside Supply Management magazine, Boston Consulting’s Robert Tevelson, Petros Paranikas, and Byron Paul say, however, that their research showed ―the majority of companies that do have SRM practices tend to focus only on direct, supplier-driven risks, ignoring those related to market changes, geopolitical issues and other potentially disruptive, external events.‖ Of course, each company and its supply base are subject to different levels and types of risk, depending on the number of available suppliers in a category, where the suppliers are located, how generic versus customized the supplied product is, use of single versus dual or multi-party sourcing strategies, and the way the company itself creates value and goes to market, among other factors. Five Levers for Supplier Risk Management Success BCG has identified five key factors necessary for SRM success. These five are: Engage Top-level Management: This means both that senior procurement leaders must actively show their support for SRM within their organizations, and then also communicate that need to the CEO and executive peers. Yet, BGC’s research showed only 45% of respondents discuss SRM with the organization's executive team on a quarterly basis; 20% never discuss SRM with senior management. Best-in-class companies, BGC says, set up regular SRM reviews that follow a standard format and offer clear escalation procedures when potential problems are flagged. The authors make the strong point that SRM cannot be only the province of the procurement group – the trade-offs and level of risk tolerance must be approached cross-functionally. Segment Suppliers Based on Relative Risk: No company can manage detailed risk assessment and mitigation strategies across thousands or even hundreds of suppliers. So, procurement organizations must pick the most important suppliers to focus on, but too often this is done by ―gut feel‖ rather than a formal categorization process. ―Best-in-class companies take a more formal approach, dividing suppliers into different risk categories based on predetermined criteria such as financial health, supply of critical
components, supplier value-add, supplier power, time to switch and industry outlook,‖ BGC says. ―These risk assessments are refreshed at least annually, and, in some instances, every quarter. High-risk suppliers are reviewed more often, so that issues are identified early and quick action can be taken.‖ Not surprisingly, the authors say, more frequent risk assessment is linked to more successful risk identification. Rigorously Measure and Manage Risk: Even though it has become well understood that companies need to assess both the probability of a supply disruption and the level of financial impact the disruption might cause, BGC’s research found only 40% of respondents were satisfied that their companies could effectively quantify the likelihood and impact of key risks. BGC says companies need to add more ―rigor‖ to the risk assessment process, and do a better job collecting cross-functional data that might help identify an emerging supplier problem earlier (for example, are key personnel leaving the supplier?). Collaborate with Key Suppliers: Complex, global supply chains require higher levels of collaboration. So do very ―lean‖ supply chains (and who doesn’t have one of those these days?), where disruptions can quickly lead to operational and financial problems. The key point: ―Companies such as these must understand the risks of the entire supply chain, not just of individual suppliers. Yet few can single-handedly take on the substantial cost of managing risk across the board. Collaboration is critical,‖ the BGC consultants say. The research found few companies say that their companies actively collaborate with suppliers to manage risk. Give Category Managers Tools and Training: As with many things, most companies agree that supplier risk management is essential, yet the survey showed few companies effectively educate their senior leaders and category managers on how to do it well. The research showed two-thirds of respondents reported that their companies failed to provide even one full day of risk management training, and most expressed dissatisfaction with current programs company training programs on the subject. Technology support tools are equally lacking, though BGC says a few companies have complex tools that can track the potential impact of a single event in one location — such as a tornado in Kansas — on all aspects of the supply chain. ―SRM is challenging and requires a proactive, customized approach to get it right,‖ the BGC authors conclude. ―Understanding your company's model, based on your source of competitive advantage and degree of supply chain complexity, reveals critical best practices. These, combined with the five levers for success, can help your company stay ahead of potential supplier problems.‖ Third Party Risk Management and Vendor Compliance Third Party Risk Management is rapidly growing in importance as organizations increasingly turn to outsource providers to reduce operating costs and increase their focus on core competencies. Amid the benefits of outsourcing, there lies a significant risk. Simply stated, liability cannot be outsourced.
Compounding this dilemma, regulators including OIG, OCC, FFIEC and others are increasing their focus on potential third party risks. They want to see organizations proactively identifying potential risks, verifying that business partners, providers and their employees are compliant, monitoring for changes that might create new risks or compliance gaps, and managing the investigation and remediation of incidents. The Third Party Risk Management solution from Compliance 360 helps organizations address these critical requirements. With Compliance 360 Third Party Risk Management, you have a complete platform for automating the essential processes and proactively ensuring vendor compliance. Implementing Supplier Risk Management: A Phased Approach As a follow-up to Frank Gaibor‟s February blog post, “Improving Life Science Supplier Risk Management Programs – Were you prepared for the volcano?”, I want to briefly discuss the implementation of Supplier Risk Management as fully outlined in our Pharmaceutical Manufacturing Magazine March 2011 article “Vital Links: Supply Risk Monitoring”. Life Science companies face an incredible range of risks in their business environment and should adopt a holistic approach to assessing and monitoring key supplier risks. Implementation of this approach can be broken down into three phases: Phase I: Prioritization When establishing a supplier risk monitoring program, organizations should look to prioritize the suppliers included in the program. If organizations tried to monitor all suppliers across different risk areas, supply chain managers would be overburdened with the sheer volume of information. As part of phase I, organizations should look to identify their information requirements and map them to the various specialized business information providers. Phase II: Continuous Monitoring and Analysis The changing business and regulatory landscape increasingly requires organizations to proactively identify supplier risks. To do this requires continuous monitoring of key suppliers. To alleviate the burden of continuous assessment, there are many well established risk management tools, that when applied properly, can quickly assess risks and support the development of targeted solutions. Phase III: Information Aggregation and Reporting One of the key challenges associated with collecting large amounts of information on a continuous basis is aggregating the information in a clear and succinct manner. Information will be coming in from various news sources at different times and frequency. This requires
organizations to establish processes and supporting IT infrastructures to collect and manage supplier risk information. One innovative approach to information management is the utilization of shared portals as a central repository of supplier information. Establishing a supplier risk monitoring program requires organizational commitment, resource investment and a change in mindset. Many organizations believe their current approach for auditing suppliers, with its narrow focus on compliance risk factors, is an effective method for managing supplier risk. In reality, they are only managing a fraction of overall supplier risk. Organizations which adopt and implement a comprehensive supplier risk monitoring program will have visibility into a broad spectrum of overall supplier risk factors, not just compliance and will ensure they are able to continuously supply patients with their life saving therapies. Benefits: Reducing supplier risk can:  Give insight to manufacturers to create defensive and offensive strategies that turn risk into a competitive advantage.  Help determine whether or not it is beneficial for a company to conduct a customer intervention and know in advance what the potential outcomes might be for an intervention.  Improve competitive position in the market.  Lower supplier costs.  Position manufacturers to better address customer needs by addressing supplier vulnerabilities before they become apparent.
In this macroeconomic climate, whether you are a product or a services company, your key suppliers may find demand for their own products and services falling at an alarming rate. Unknown to you, such suppliers may have become financially unhealthy. Operating in such an environment, your business operations can be disrupted unexpectedly by the failure of one supplier and can cause significant harm to you. As a result, procurement organizations, which have historically focused on securing products and services of the best quality at the lowest possible cost for their operations, are also being tasked with evaluating, monitoring, and managing the risk from the supply base. To ensure that they are able to consistently evaluate and manage supplier risk, procurement executives need very clear visibility into their spend with each of their suppliers at various levels of detail -- how much are they spending with each supplier, what products and services are they buying from which supplier, what is the split of a product's purchase across multiple suppliers that you buy from, what regions is each supplier shipping/servicing from, what is the trend line of various operational, financial and legal risk metrics for each supplier, who are their suppliers, how are the various suppliers linked at different tiers, etc. Spend Analysis provides procurement executives clear visibility into answers to such questions. Spend analysis is the process of determining what is being spent, with whom, and for what. Such an insight is typically used to identify opportunities for cost reduction such as rationalizing supply base, increasing contract compliance, and reducing maverick spending. However, spend visibility is also critical in determining the risk from the supply base. It provides critical information to categorize suppliers by spend, product/service, industry and geography, and enables procurement executives to use that information to create a short list of target suppliers. It allows the procurement organization to enrich the supplier information with data from external sources and internal supplier performance metrics, so a clear risk assessment of the short list of suppliers can be done and programs can be put in place. Hence, investment in spend analysis is the starting point to a comprehensive supply risk management initiative. First Step in Spend Analysis is Making the Data Ready However, spend analysis is not just about running analytics on top of procurement data with your ERP system. Spend data lies within multiple systems within the company and so it needs to be aggregated to get visibility into overall spend. A supplier's name may be coded differently in different systems -- a common occurrence. Due to different codes used to
describe the same product/service across different systems, it is not possible to get an aggregate view into how much has been spent on that or similar items without adding a corresponding industry classification code for each item in every transaction record. Finally, relationships between suppliers are rarely identified within various systems. For example, your system may not tell you that Lab Equipment, Inc. is a subsidiary of Lab Supplies, Inc. If it did, you would realize that you have greater spend with and risk from that supplier Due to the data issues listed above, it is not possible to do an accurate and comprehensive analysis of spend by simply bringing data from various systems into a spreadsheet or a Business Intelligence system and performing the analysis. The data has to be cleansed to remove errors, normalized to ensure suppliers are represented in a consistent manner, and finally enriched with classification data, subsidiary relationships, supplier performance data, etc. Only then the analysis can be done on the data to yield an accurate picture of the overall spend. Once data has been cleansed, normalized and enriched, it is now ready to be analyzed to identify risk to a company from its supply base. For example, in one scenario we can classify suppliers by categories such as total spend, product, industry and geography. Ability to classify suppliers along these dimensions allows a procurement executive to identify all those suppliers where they are either buying large volumes or those suppliers where they are sole-sourcing or those suppliers providing critical components/commodities. This analysis allows them to prepare a shortlist of suppliers that need to be evaluated and monitored for risk. The classification also provides immediate visibility into those suppliers who are associated with either an industry or a product group that increases their exposure from issues such as quality; commodity and labor shortages; price fluctuations; environmental and safety issues; and supply/demand imbalances. It also quickly clusters suppliers by their geographical risks such as political issues, infrastructure difficulties, and currency fluctuations. By analyzing data along these dimensions, procurement executives are able to create a shortlist of suppliers that need to be closely monitored. Companies that do not use the spend analysis tools end up sorting their suppliers only based on approximate aggregate spend with them and focus their attention on the top 20% of suppliers that make up 80% of the spend. But, low spend suppliers can be a source of significant risk as well. A cheap part in an expensive engine can cause the engine to fail. Data theft enabled by poor security practices of a small IT provider can cause irreparable damage to a retailer's brand and lead to lawsuits. Using spend analysis, procurement organizations can do a comprehensive analysis of their supply base across multiple
dimensions such as spend, products purchased, number of other suppliers for the same product, location of plants, supplier/part quality, supplier shipment performance, etc to identify suppliers than pose risk. There's no measurable return from a supplier risk management initiative unless the risk materializes and you can quantify the avoided loss. Until then, it's only possible to estimate the impact using a metric that takes the probability of the risk and the expected magnitude of the loss. In addition, it is important to remember that even the most successful risk management programs only reduce the impact of a risk, they do not eliminate it. However with a good supplier risk program, you are on your way to reducing the business risk for your organization. With initial supplier risk evaluation, based on data from spend analysis, you can start the process for reducing the risk from weak suppliers within your supply base in this economic environment.

Recommended

An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsGrant Thornton LLP
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...Grant Thornton LLP
 
SupplyChainRiskAreas
SupplyChainRiskAreasSupplyChainRiskAreas
SupplyChainRiskAreasJeremy Castle
 
Key Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsKey Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsColleen Beck-Domanico
 
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Third Party Risk Management
 
The Hazards of Vendor Management - presented to NC Bankers Association by Ric...
The Hazards of Vendor Management - presented to NC Bankers Association by Ric...The Hazards of Vendor Management - presented to NC Bankers Association by Ric...
The Hazards of Vendor Management - presented to NC Bankers Association by Ric...Poyner Spruill LLP, Attorneys
 
Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Grant Thornton LLP
 
2018 Compliance Risk Study: Financial Services
2018 Compliance Risk Study: Financial Services 2018 Compliance Risk Study: Financial Services
2018 Compliance Risk Study: Financial Services Accenture Insurance
 

Recommended

An industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsAn industrial approach to risk and control self-assessments
An industrial approach to risk and control self-assessmentsGrant Thornton LLP
 
CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...CCAR & DFAST: How to incorporate stress testing into banking operations + str...
CCAR & DFAST: How to incorporate stress testing into banking operations + str...Grant Thornton LLP
 
SupplyChainRiskAreas
SupplyChainRiskAreasSupplyChainRiskAreas
SupplyChainRiskAreasJeremy Castle
 
Key Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsKey Challenges Facing Vendor Risk Management Programs
Key Challenges Facing Vendor Risk Management ProgramsColleen Beck-Domanico
 
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...
DVV Solutions Central Bank of Ireland Outsourcing discussion paper response 1...DVV Solutions Third Party Risk Management
 
The Hazards of Vendor Management - presented to NC Bankers Association by Ric...
The Hazards of Vendor Management - presented to NC Bankers Association by Ric...The Hazards of Vendor Management - presented to NC Bankers Association by Ric...
The Hazards of Vendor Management - presented to NC Bankers Association by Ric...Poyner Spruill LLP, Attorneys
 
Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Taking the road to advanced approaches and heightened standards in risk manag...
Taking the road to advanced approaches and heightened standards in risk manag...Grant Thornton LLP
 
2018 Compliance Risk Study: Financial Services
2018 Compliance Risk Study: Financial Services 2018 Compliance Risk Study: Financial Services
2018 Compliance Risk Study: Financial Services Accenture Insurance
 
Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & GovernanceEDR
 
Ia perspective-on-supply-chain-risk
Ia perspective-on-supply-chain-riskIa perspective-on-supply-chain-risk
Ia perspective-on-supply-chain-riskM Zaki Rahmani
 
Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Deloitte UK
 
Study ROI of Supply Chain Risk Management (riskmethods Nov 2014)
Study ROI of Supply Chain Risk Management (riskmethods Nov 2014)Study ROI of Supply Chain Risk Management (riskmethods Nov 2014)
Study ROI of Supply Chain Risk Management (riskmethods Nov 2014)Heiko Schwarz
 
CAEs speak out: Cybersecurity seen as key threat to growth
CAEs speak out: Cybersecurity seen as key threat to growthCAEs speak out: Cybersecurity seen as key threat to growth
CAEs speak out: Cybersecurity seen as key threat to growthGrant Thornton LLP
 
Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016jennyhollingworth
 
Cloud Securiy: A Vendor Risk Management Perspective
Cloud Securiy: A Vendor Risk Management PerspectiveCloud Securiy: A Vendor Risk Management Perspective
Cloud Securiy: A Vendor Risk Management PerspectiveArgyle Executive Forum
 
CostofCompliance_2016.compressed
CostofCompliance_2016.compressedCostofCompliance_2016.compressed
CostofCompliance_2016.compressedConor Coughlan
 
the-supply-chain-the-cfo-crystal-ball
the-supply-chain-the-cfo-crystal-ballthe-supply-chain-the-cfo-crystal-ball
the-supply-chain-the-cfo-crystal-ballSokho TRINH
 
data and_its_role_in_operational_risk_management
data and_its_role_in_operational_risk_managementdata and_its_role_in_operational_risk_management
data and_its_role_in_operational_risk_managementLaxmi Bank
 
Risk Monitoring and Management Trends In Commodities
Risk Monitoring and Management Trends In CommoditiesRisk Monitoring and Management Trends In Commodities
Risk Monitoring and Management Trends In CommoditiesCTRM Center
 
2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey 2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey Linedata
 
Spend Analytics in the Mid-Market: The Real Story
Spend Analytics in the Mid-Market: The Real Story Spend Analytics in the Mid-Market: The Real Story
Spend Analytics in the Mid-Market: The Real Story Mark Usher
 
Third Party Risk Management Introduction
Third Party Risk Management IntroductionThird Party Risk Management Introduction
Third Party Risk Management IntroductionNaveen Grover
 
Supply Chain Risk Management 2015 Summary Charts
Supply Chain Risk Management 2015 Summary ChartsSupply Chain Risk Management 2015 Summary Charts
Supply Chain Risk Management 2015 Summary ChartsLora Cecere
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksMHM (Mayer Hoffman McCann P.C.)
 
Point of View on Demand Organisation Development
Point of View on Demand Organisation DevelopmentPoint of View on Demand Organisation Development
Point of View on Demand Organisation DevelopmentMarjolein Dijkshoorn
 
The Global Supply Chain Ups the Ante for Risk Management
The Global Supply Chain Ups the Ante for Risk ManagementThe Global Supply Chain Ups the Ante for Risk Management
The Global Supply Chain Ups the Ante for Risk ManagementLora Cecere
 
Managing Today’s Supply Chain
Managing Today’s Supply ChainManaging Today’s Supply Chain
Managing Today’s Supply Chainmubarak2009
 
Career planning
Career planningCareer planning
Career planningmsaeed93
 
123
123123
123goodbean
 
CCS Role in Global Emission Reductions Bo Diczalusy IEA
CCS Role in Global Emission Reductions Bo Diczalusy IEACCS Role in Global Emission Reductions Bo Diczalusy IEA
CCS Role in Global Emission Reductions Bo Diczalusy IEAGlobal CCS Institute
 

More Related Content

What's hot

Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & GovernanceEDR
 
Ia perspective-on-supply-chain-risk
Ia perspective-on-supply-chain-riskIa perspective-on-supply-chain-risk
Ia perspective-on-supply-chain-riskM Zaki Rahmani
 
Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Deloitte UK
 
Study ROI of Supply Chain Risk Management (riskmethods Nov 2014)
Study ROI of Supply Chain Risk Management (riskmethods Nov 2014)Study ROI of Supply Chain Risk Management (riskmethods Nov 2014)
Study ROI of Supply Chain Risk Management (riskmethods Nov 2014)Heiko Schwarz
 
CAEs speak out: Cybersecurity seen as key threat to growth
CAEs speak out: Cybersecurity seen as key threat to growthCAEs speak out: Cybersecurity seen as key threat to growth
CAEs speak out: Cybersecurity seen as key threat to growthGrant Thornton LLP
 
Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016jennyhollingworth
 
Cloud Securiy: A Vendor Risk Management Perspective
Cloud Securiy: A Vendor Risk Management PerspectiveCloud Securiy: A Vendor Risk Management Perspective
Cloud Securiy: A Vendor Risk Management PerspectiveArgyle Executive Forum
 
CostofCompliance_2016.compressed
CostofCompliance_2016.compressedCostofCompliance_2016.compressed
CostofCompliance_2016.compressedConor Coughlan
 
the-supply-chain-the-cfo-crystal-ball
the-supply-chain-the-cfo-crystal-ballthe-supply-chain-the-cfo-crystal-ball
the-supply-chain-the-cfo-crystal-ballSokho TRINH
 
data and_its_role_in_operational_risk_management
data and_its_role_in_operational_risk_managementdata and_its_role_in_operational_risk_management
data and_its_role_in_operational_risk_managementLaxmi Bank
 
Risk Monitoring and Management Trends In Commodities
Risk Monitoring and Management Trends In CommoditiesRisk Monitoring and Management Trends In Commodities
Risk Monitoring and Management Trends In CommoditiesCTRM Center
 
2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey 2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey Linedata
 
Spend Analytics in the Mid-Market: The Real Story
Spend Analytics in the Mid-Market: The Real Story Spend Analytics in the Mid-Market: The Real Story
Spend Analytics in the Mid-Market: The Real Story Mark Usher
 
Third Party Risk Management Introduction
Third Party Risk Management IntroductionThird Party Risk Management Introduction
Third Party Risk Management IntroductionNaveen Grover
 
Supply Chain Risk Management 2015 Summary Charts
Supply Chain Risk Management 2015 Summary ChartsSupply Chain Risk Management 2015 Summary Charts
Supply Chain Risk Management 2015 Summary ChartsLora Cecere
 
Point of View on Demand Organisation Development
Point of View on Demand Organisation DevelopmentPoint of View on Demand Organisation Development
Point of View on Demand Organisation DevelopmentMarjolein Dijkshoorn
 
The Global Supply Chain Ups the Ante for Risk Management
The Global Supply Chain Ups the Ante for Risk ManagementThe Global Supply Chain Ups the Ante for Risk Management
The Global Supply Chain Ups the Ante for Risk ManagementLora Cecere
 
Managing Today’s Supply Chain
Managing Today’s Supply ChainManaging Today’s Supply Chain
Managing Today’s Supply Chainmubarak2009
 

What's hot (19)

Third-Party Oversight & Governance
Third-Party Oversight & GovernanceThird-Party Oversight & Governance
Third-Party Oversight & Governance
 
Ia perspective-on-supply-chain-risk
Ia perspective-on-supply-chain-riskIa perspective-on-supply-chain-risk
Ia perspective-on-supply-chain-risk
 
Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018Third-party Governance and Risk Management - 2018
Third-party Governance and Risk Management - 2018
 
Study ROI of Supply Chain Risk Management (riskmethods Nov 2014)
Study ROI of Supply Chain Risk Management (riskmethods Nov 2014)Study ROI of Supply Chain Risk Management (riskmethods Nov 2014)
Study ROI of Supply Chain Risk Management (riskmethods Nov 2014)
 
CAEs speak out: Cybersecurity seen as key threat to growth
CAEs speak out: Cybersecurity seen as key threat to growthCAEs speak out: Cybersecurity seen as key threat to growth
CAEs speak out: Cybersecurity seen as key threat to growth
 
Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016Top Internal Audit Priorities for Financial Services Organizations, 2016
Top Internal Audit Priorities for Financial Services Organizations, 2016
 
Cloud Securiy: A Vendor Risk Management Perspective
Cloud Securiy: A Vendor Risk Management PerspectiveCloud Securiy: A Vendor Risk Management Perspective
Cloud Securiy: A Vendor Risk Management Perspective
 
CostofCompliance_2016.compressed
CostofCompliance_2016.compressedCostofCompliance_2016.compressed
CostofCompliance_2016.compressed
 
the-supply-chain-the-cfo-crystal-ball
the-supply-chain-the-cfo-crystal-ballthe-supply-chain-the-cfo-crystal-ball
the-supply-chain-the-cfo-crystal-ball
 
data and_its_role_in_operational_risk_management
data and_its_role_in_operational_risk_managementdata and_its_role_in_operational_risk_management
data and_its_role_in_operational_risk_management
 
Risk Monitoring and Management Trends In Commodities
Risk Monitoring and Management Trends In CommoditiesRisk Monitoring and Management Trends In Commodities
Risk Monitoring and Management Trends In Commodities
 
2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey 2017 Linedata Global Asset Management Survey
2017 Linedata Global Asset Management Survey
 
Spend Analytics in the Mid-Market: The Real Story
Spend Analytics in the Mid-Market: The Real Story Spend Analytics in the Mid-Market: The Real Story
Spend Analytics in the Mid-Market: The Real Story
 
Third Party Risk Management Introduction
Third Party Risk Management IntroductionThird Party Risk Management Introduction
Third Party Risk Management Introduction
 
Supply Chain Risk Management 2015 Summary Charts
Supply Chain Risk Management 2015 Summary ChartsSupply Chain Risk Management 2015 Summary Charts
Supply Chain Risk Management 2015 Summary Charts
 
How Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party RisksHow Audit Committees Can Help with Third-Party Risks
How Audit Committees Can Help with Third-Party Risks
 
Point of View on Demand Organisation Development
Point of View on Demand Organisation DevelopmentPoint of View on Demand Organisation Development
Point of View on Demand Organisation Development
 
The Global Supply Chain Ups the Ante for Risk Management
The Global Supply Chain Ups the Ante for Risk ManagementThe Global Supply Chain Ups the Ante for Risk Management
The Global Supply Chain Ups the Ante for Risk Management
 
Managing Today’s Supply Chain
Managing Today’s Supply ChainManaging Today’s Supply Chain
Managing Today’s Supply Chain
 

Viewers also liked

Career planning
Career planningCareer planning
Career planningmsaeed93
 
CCS Role in Global Emission Reductions Bo Diczalusy IEA
CCS Role in Global Emission Reductions Bo Diczalusy IEACCS Role in Global Emission Reductions Bo Diczalusy IEA
CCS Role in Global Emission Reductions Bo Diczalusy IEAGlobal CCS Institute
 
Palestra realizada no SEBRAE/MG em agosto de 2013
Palestra realizada no SEBRAE/MG em agosto de 2013Palestra realizada no SEBRAE/MG em agosto de 2013
Palestra realizada no SEBRAE/MG em agosto de 2013Roberto Dias Duarte
 
Influence of Beliefs and Reflection on Enactment of ELA CCSS_MAPEA Symposium
Influence of Beliefs and Reflection on Enactment of ELA CCSS_MAPEA SymposiumInfluence of Beliefs and Reflection on Enactment of ELA CCSS_MAPEA Symposium
Influence of Beliefs and Reflection on Enactment of ELA CCSS_MAPEA Symposiummrppittman
 
Medard h nelson focus observation notes
Medard h nelson focus observation notesMedard h nelson focus observation notes
Medard h nelson focus observation notesgnonewleaders
 
He Social Entrepreneurship Award 1
He Social Entrepreneurship Award 1He Social Entrepreneurship Award 1
He Social Entrepreneurship Award 1Tracy Bussoli
 

Viewers also liked (7)

Career planning
Career planningCareer planning
Career planning
 
123
123123
123
 
CCS Role in Global Emission Reductions Bo Diczalusy IEA
CCS Role in Global Emission Reductions Bo Diczalusy IEACCS Role in Global Emission Reductions Bo Diczalusy IEA
CCS Role in Global Emission Reductions Bo Diczalusy IEA
 
Palestra realizada no SEBRAE/MG em agosto de 2013
Palestra realizada no SEBRAE/MG em agosto de 2013Palestra realizada no SEBRAE/MG em agosto de 2013
Palestra realizada no SEBRAE/MG em agosto de 2013
 
Influence of Beliefs and Reflection on Enactment of ELA CCSS_MAPEA Symposium
Influence of Beliefs and Reflection on Enactment of ELA CCSS_MAPEA SymposiumInfluence of Beliefs and Reflection on Enactment of ELA CCSS_MAPEA Symposium
Influence of Beliefs and Reflection on Enactment of ELA CCSS_MAPEA Symposium
 
Medard h nelson focus observation notes
Medard h nelson focus observation notesMedard h nelson focus observation notes
Medard h nelson focus observation notes
 
He Social Entrepreneurship Award 1
He Social Entrepreneurship Award 1He Social Entrepreneurship Award 1
He Social Entrepreneurship Award 1
 

Similar to My slides

Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)Richard Brooks
 
AI IN SUPPLIER MANAGEMENT: THE NEW FRONTIER IN PROCUREMENT INNOVATION
AI IN SUPPLIER MANAGEMENT: THE NEW FRONTIER IN PROCUREMENT INNOVATIONAI IN SUPPLIER MANAGEMENT: THE NEW FRONTIER IN PROCUREMENT INNOVATION
AI IN SUPPLIER MANAGEMENT: THE NEW FRONTIER IN PROCUREMENT INNOVATIONChristopherTHyatt
 
AI in supplier management - An Overview.pdf
AI in supplier management - An Overview.pdfAI in supplier management - An Overview.pdf
AI in supplier management - An Overview.pdfStephenAmell4
 
Supply Chain Risk Management Step 2: Risk Impact Assessment
Supply Chain Risk Management Step 2: Risk Impact Assessment Supply Chain Risk Management Step 2: Risk Impact Assessment
Supply Chain Risk Management Step 2: Risk Impact Assessment Heiko Schwarz
 
Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...
Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...
Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...Covance
 
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Cognizant
 
Supply Chain optimization & risks factors
Supply Chain optimization & risks factorsSupply Chain optimization & risks factors
Supply Chain optimization & risks factorsAlok Anand
 
Vendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto SeriesVendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto SeriesContinuity Control
 
Enhancing and Sustaining Business Agility through Effective Vendor Resiliency
Enhancing and Sustaining Business Agility through Effective Vendor ResiliencyEnhancing and Sustaining Business Agility through Effective Vendor Resiliency
Enhancing and Sustaining Business Agility through Effective Vendor ResiliencyCognizant
 
SUPPLY CHAIN RISK MANAGEMENT
SUPPLY CHAIN RISK MANAGEMENTSUPPLY CHAIN RISK MANAGEMENT
SUPPLY CHAIN RISK MANAGEMENTPaul Authachinda
 
How Third Party Risk is Becoming More Challenging in 2023
How Third Party Risk is Becoming More Challenging in 2023How Third Party Risk is Becoming More Challenging in 2023
How Third Party Risk is Becoming More Challenging in 2023360factors
 
Taking Control of the MLR Review Process
Taking Control of the MLR Review ProcessTaking Control of the MLR Review Process
Taking Control of the MLR Review ProcessCognizant
 
Anti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third PartiesAnti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third PartiesDun & Bradstreet
 
Compliance, Risk Management, Licensing
Compliance, Risk Management, LicensingCompliance, Risk Management, Licensing
Compliance, Risk Management, Licensingicomply
 
EAI Compliance Infographic
EAI Compliance InfographicEAI Compliance Infographic
EAI Compliance InfographicIdeba
 

Similar to My slides (20)

Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
Vendor Governance - Alyne Operational & Cyber Resilience White Paper (part 2)
 
AI IN SUPPLIER MANAGEMENT: THE NEW FRONTIER IN PROCUREMENT INNOVATION
AI IN SUPPLIER MANAGEMENT: THE NEW FRONTIER IN PROCUREMENT INNOVATIONAI IN SUPPLIER MANAGEMENT: THE NEW FRONTIER IN PROCUREMENT INNOVATION
AI IN SUPPLIER MANAGEMENT: THE NEW FRONTIER IN PROCUREMENT INNOVATION
 
AI in supplier management - An Overview.pdf
AI in supplier management - An Overview.pdfAI in supplier management - An Overview.pdf
AI in supplier management - An Overview.pdf
 
Supply Chain Risk Management Step 2: Risk Impact Assessment
Supply Chain Risk Management Step 2: Risk Impact Assessment Supply Chain Risk Management Step 2: Risk Impact Assessment
Supply Chain Risk Management Step 2: Risk Impact Assessment
 
Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...
Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...
Pharmacovigilance Smart Sourcing Strategy: Vendor Selection for Safety & Risk...
 
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
Enterprise Risk Management: Minimizing Exposure, Fostering Innovation and Acc...
 
Supply Chain optimization & risks factors
Supply Chain optimization & risks factorsSupply Chain optimization & risks factors
Supply Chain optimization & risks factors
 
Vendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto SeriesVendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto Series
 
Enhancing and Sustaining Business Agility through Effective Vendor Resiliency
Enhancing and Sustaining Business Agility through Effective Vendor ResiliencyEnhancing and Sustaining Business Agility through Effective Vendor Resiliency
Enhancing and Sustaining Business Agility through Effective Vendor Resiliency
 
SUPPLY CHAIN RISK MANAGEMENT
SUPPLY CHAIN RISK MANAGEMENTSUPPLY CHAIN RISK MANAGEMENT
SUPPLY CHAIN RISK MANAGEMENT
 
Presentation_IA Focus
Presentation_IA FocusPresentation_IA Focus
Presentation_IA Focus
 
How Third Party Risk is Becoming More Challenging in 2023
How Third Party Risk is Becoming More Challenging in 2023How Third Party Risk is Becoming More Challenging in 2023
How Third Party Risk is Becoming More Challenging in 2023
 
Taking Control of the MLR Review Process
Taking Control of the MLR Review ProcessTaking Control of the MLR Review Process
Taking Control of the MLR Review Process
 
ISM final
ISM finalISM final
ISM final
 
bu
bubu
bu
 
Compliance risk management planning 2017-02-mattoon
Compliance risk management planning 2017-02-mattoonCompliance risk management planning 2017-02-mattoon
Compliance risk management planning 2017-02-mattoon
 
Anti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third PartiesAnti-Bribery and Corruption Compliance for Third Parties
Anti-Bribery and Corruption Compliance for Third Parties
 
Memo to CEOs
Memo to CEOsMemo to CEOs
Memo to CEOs
 
Compliance, Risk Management, Licensing
Compliance, Risk Management, LicensingCompliance, Risk Management, Licensing
Compliance, Risk Management, Licensing
 
EAI Compliance Infographic
EAI Compliance InfographicEAI Compliance Infographic
EAI Compliance Infographic
 

My slides

  • 1. To succeed in today’s global economy, businesses face intense pressure to produce and deliver better products and services to the market faster and more efficiently. To achieve this, they need to exchange sensitive information efficiently and extend their business processes to include partners and suppliers across industries and geographies with diverse regulatory environments. Organizations should proactively initiate an information risk management strategy to understand and prioritize risk in a consistent and repeatable way, and then target solutions that map risk profiles to protection levels. Sensitive information assets expose organizations to risks that can damage their reputation, compliance posture, or competitive position. Supplier risk management is an evolving discipline in operations management for manufacturers, retailers, financial services companies and government agencies where the organization is highly dependent on suppliers to achieve business objectives. Outsourcing, globalization, lean supply chain initiatives and supplier rationalization have contributed to a highly fragmented model, where control is often several steps removed from the corporation. While these models have allowed companies to reduce overall costs and expand quickly into new markets, they also expose the company to the risk of a supplier suddenly going bankrupt, closing operations or being acquired. To overcome these challenges, companies mitigate supply chain interruptions and reduce risk with strategies and tactics that address supplier-centric risk at multiple stages in the relationship:  On boarding: Bringing suppliers into the operation with registration that includes:  A centralized supplier registration portal  Integration of third party performance, financial data and predictive indicators into the supplier profile  Monitoring for stability beyond financial data, including:  Criminal and terrorists (i.e. Office of Foreign Assets Control) ties and operational performance  Visibility into potential disruptions caused by geopolitical threats, acts of nature, etc.  Cultivating strategic supplier relationships for the long-term:  Leverage supplier scorecards for continuous improvement  Establish and use benchmarks for measuring supplier performance  Creating a system for collaboration and supplier development  Establish control across the extended enterprise:
  • 2. Create integrated supplier networks  Extend performance management benchmarks to second and third tier suppliers Optimizing Supplier Risk Management Question: How can the bank optimize its vendor risk management efforts? Answer: Conducting business in a world wired for instant connection is constantly changing. It‟s complex - teeming with technology and overflowing with sensitive information. Expectations are that regulatory enforcement for assessing risk of outsourced suppliers will increase, not decrease. The bank‟s responsibility for developing a cost effective due-diligence process for finding and resolving high risk issues is abundantly clear. Does that mean that you need to develop a program that provides due diligence for every outsourced supplier or vendor of the bank? Absolutely not. The expense and low probability of success is much too high. However, by breaking the process into layers (triage), the bank can continually winnow down the list of suppliers to those who constitute high risk to the enterprise. Those suppliers who are „ticking time- bombs‟ are the ones that require immediate attention. For example, the first layer of process is to leverage information already captured by your vendor procurement group which identifies the vendor‟s geography, corporate information, business process, financial reporting, existing compliance practices, and contracts. This will identify many vendors which do not provide an IT or data security risk. Many, if not most third party relationships, do not rely on access to your confidential data and networked connections. The second layer would tap into information available through public sources. This data creates a risk profile based on indicators for business, financial, and geographical factors of the third party. Again, such analysis identifies those third parties‟s that do not require the third, final and more expensive step requiring a focused due diligence process. Probable success in tracking down the high risk supplier from this reduced number of suppliers and vendors then becomes substantially higher. Key Drivers of Successful Supplier Risk Management The global recession proved perhaps the most challenging period ever, or at least since the Great Depression, in terms of managing supplier risk, as companies had to find new ways to both assess that risk and enact mitigation strategies as suppliers struggled to stay solvent. While the worst may be over, in these dynamic times supplier risk management will stay high on the procurement priority list, and companies need a formal process for managing that process. Research shows that on average large companies encounter a major supply chain disruption every 4-5 years. Just this year, for example, network equipment and other high tech companies have battled shortages on very basic electronic components, leading such as Ericsson, Nokia, Alcatel-
  • 3. Lucent and other firms to report pretty significant hits to revenue in Q2 and falling stock prices because they simply couldn’t deliver the goods to customers. The Boston Consulting Group (BGC) recently did a survey of procurement executives around practices and processes for supplier risk management (SRM), an acronym which unfortunately is also used for supplier relationship management. Regardless, Boston Consulting defines supplier risk management as “the use of processes and procedures to offset any risk factors that could interrupt a supplier's ability to provide an organization with needed raw materials, components, or other inputs or services. It says typical risk factors include: financial risks that could affect a supplier's solvency; operational risks that could affect quality, logistics or pricing; market risks related to regulatory and geopolitical events, or changes in commodity prices; major catastrophes and natural disasters; and anything that would compromise a company's brand, intellectual property or proprietary processes. Writing in The Institute for Supply Management’s Inside Supply Management magazine, Boston Consulting’s Robert Tevelson, Petros Paranikas, and Byron Paul say, however, that their research showed ―the majority of companies that do have SRM practices tend to focus only on direct, supplier-driven risks, ignoring those related to market changes, geopolitical issues and other potentially disruptive, external events.‖ Of course, each company and its supply base are subject to different levels and types of risk, depending on the number of available suppliers in a category, where the suppliers are located, how generic versus customized the supplied product is, use of single versus dual or multi-party sourcing strategies, and the way the company itself creates value and goes to market, among other factors. Five Levers for Supplier Risk Management Success BCG has identified five key factors necessary for SRM success. These five are: Engage Top-level Management: This means both that senior procurement leaders must actively show their support for SRM within their organizations, and then also communicate that need to the CEO and executive peers. Yet, BGC’s research showed only 45% of respondents discuss SRM with the organization's executive team on a quarterly basis; 20% never discuss SRM with senior management. Best-in-class companies, BGC says, set up regular SRM reviews that follow a standard format and offer clear escalation procedures when potential problems are flagged. The authors make the strong point that SRM cannot be only the province of the procurement group – the trade-offs and level of risk tolerance must be approached cross-functionally. Segment Suppliers Based on Relative Risk: No company can manage detailed risk assessment and mitigation strategies across thousands or even hundreds of suppliers. So, procurement organizations must pick the most important suppliers to focus on, but too often this is done by ―gut feel‖ rather than a formal categorization process. ―Best-in-class companies take a more formal approach, dividing suppliers into different risk categories based on predetermined criteria such as financial health, supply of critical
  • 4. components, supplier value-add, supplier power, time to switch and industry outlook,‖ BGC says. ―These risk assessments are refreshed at least annually, and, in some instances, every quarter. High-risk suppliers are reviewed more often, so that issues are identified early and quick action can be taken.‖ Not surprisingly, the authors say, more frequent risk assessment is linked to more successful risk identification. Rigorously Measure and Manage Risk: Even though it has become well understood that companies need to assess both the probability of a supply disruption and the level of financial impact the disruption might cause, BGC’s research found only 40% of respondents were satisfied that their companies could effectively quantify the likelihood and impact of key risks. BGC says companies need to add more ―rigor‖ to the risk assessment process, and do a better job collecting cross-functional data that might help identify an emerging supplier problem earlier (for example, are key personnel leaving the supplier?). Collaborate with Key Suppliers: Complex, global supply chains require higher levels of collaboration. So do very ―lean‖ supply chains (and who doesn’t have one of those these days?), where disruptions can quickly lead to operational and financial problems. The key point: ―Companies such as these must understand the risks of the entire supply chain, not just of individual suppliers. Yet few can single-handedly take on the substantial cost of managing risk across the board. Collaboration is critical,‖ the BGC consultants say. The research found few companies say that their companies actively collaborate with suppliers to manage risk. Give Category Managers Tools and Training: As with many things, most companies agree that supplier risk management is essential, yet the survey showed few companies effectively educate their senior leaders and category managers on how to do it well. The research showed two-thirds of respondents reported that their companies failed to provide even one full day of risk management training, and most expressed dissatisfaction with current programs company training programs on the subject. Technology support tools are equally lacking, though BGC says a few companies have complex tools that can track the potential impact of a single event in one location — such as a tornado in Kansas — on all aspects of the supply chain. ―SRM is challenging and requires a proactive, customized approach to get it right,‖ the BGC authors conclude. ―Understanding your company's model, based on your source of competitive advantage and degree of supply chain complexity, reveals critical best practices. These, combined with the five levers for success, can help your company stay ahead of potential supplier problems.‖ Third Party Risk Management and Vendor Compliance Third Party Risk Management is rapidly growing in importance as organizations increasingly turn to outsource providers to reduce operating costs and increase their focus on core competencies. Amid the benefits of outsourcing, there lies a significant risk. Simply stated, liability cannot be outsourced.
  • 5. Compounding this dilemma, regulators including OIG, OCC, FFIEC and others are increasing their focus on potential third party risks. They want to see organizations proactively identifying potential risks, verifying that business partners, providers and their employees are compliant, monitoring for changes that might create new risks or compliance gaps, and managing the investigation and remediation of incidents. The Third Party Risk Management solution from Compliance 360 helps organizations address these critical requirements. With Compliance 360 Third Party Risk Management, you have a complete platform for automating the essential processes and proactively ensuring vendor compliance. Implementing Supplier Risk Management: A Phased Approach As a follow-up to Frank Gaibor‟s February blog post, “Improving Life Science Supplier Risk Management Programs – Were you prepared for the volcano?”, I want to briefly discuss the implementation of Supplier Risk Management as fully outlined in our Pharmaceutical Manufacturing Magazine March 2011 article “Vital Links: Supply Risk Monitoring”. Life Science companies face an incredible range of risks in their business environment and should adopt a holistic approach to assessing and monitoring key supplier risks. Implementation of this approach can be broken down into three phases: Phase I: Prioritization When establishing a supplier risk monitoring program, organizations should look to prioritize the suppliers included in the program. If organizations tried to monitor all suppliers across different risk areas, supply chain managers would be overburdened with the sheer volume of information. As part of phase I, organizations should look to identify their information requirements and map them to the various specialized business information providers. Phase II: Continuous Monitoring and Analysis The changing business and regulatory landscape increasingly requires organizations to proactively identify supplier risks. To do this requires continuous monitoring of key suppliers. To alleviate the burden of continuous assessment, there are many well established risk management tools, that when applied properly, can quickly assess risks and support the development of targeted solutions. Phase III: Information Aggregation and Reporting One of the key challenges associated with collecting large amounts of information on a continuous basis is aggregating the information in a clear and succinct manner. Information will be coming in from various news sources at different times and frequency. This requires
  • 6. organizations to establish processes and supporting IT infrastructures to collect and manage supplier risk information. One innovative approach to information management is the utilization of shared portals as a central repository of supplier information. Establishing a supplier risk monitoring program requires organizational commitment, resource investment and a change in mindset. Many organizations believe their current approach for auditing suppliers, with its narrow focus on compliance risk factors, is an effective method for managing supplier risk. In reality, they are only managing a fraction of overall supplier risk. Organizations which adopt and implement a comprehensive supplier risk monitoring program will have visibility into a broad spectrum of overall supplier risk factors, not just compliance and will ensure they are able to continuously supply patients with their life saving therapies. Benefits: Reducing supplier risk can:  Give insight to manufacturers to create defensive and offensive strategies that turn risk into a competitive advantage.  Help determine whether or not it is beneficial for a company to conduct a customer intervention and know in advance what the potential outcomes might be for an intervention.  Improve competitive position in the market.  Lower supplier costs.  Position manufacturers to better address customer needs by addressing supplier vulnerabilities before they become apparent.
  • 7. In this macroeconomic climate, whether you are a product or a services company, your key suppliers may find demand for their own products and services falling at an alarming rate. Unknown to you, such suppliers may have become financially unhealthy. Operating in such an environment, your business operations can be disrupted unexpectedly by the failure of one supplier and can cause significant harm to you. As a result, procurement organizations, which have historically focused on securing products and services of the best quality at the lowest possible cost for their operations, are also being tasked with evaluating, monitoring, and managing the risk from the supply base. To ensure that they are able to consistently evaluate and manage supplier risk, procurement executives need very clear visibility into their spend with each of their suppliers at various levels of detail -- how much are they spending with each supplier, what products and services are they buying from which supplier, what is the split of a product's purchase across multiple suppliers that you buy from, what regions is each supplier shipping/servicing from, what is the trend line of various operational, financial and legal risk metrics for each supplier, who are their suppliers, how are the various suppliers linked at different tiers, etc. Spend Analysis provides procurement executives clear visibility into answers to such questions. Spend analysis is the process of determining what is being spent, with whom, and for what. Such an insight is typically used to identify opportunities for cost reduction such as rationalizing supply base, increasing contract compliance, and reducing maverick spending. However, spend visibility is also critical in determining the risk from the supply base. It provides critical information to categorize suppliers by spend, product/service, industry and geography, and enables procurement executives to use that information to create a short list of target suppliers. It allows the procurement organization to enrich the supplier information with data from external sources and internal supplier performance metrics, so a clear risk assessment of the short list of suppliers can be done and programs can be put in place. Hence, investment in spend analysis is the starting point to a comprehensive supply risk management initiative. First Step in Spend Analysis is Making the Data Ready However, spend analysis is not just about running analytics on top of procurement data with your ERP system. Spend data lies within multiple systems within the company and so it needs to be aggregated to get visibility into overall spend. A supplier's name may be coded differently in different systems -- a common occurrence. Due to different codes used to
  • 8. describe the same product/service across different systems, it is not possible to get an aggregate view into how much has been spent on that or similar items without adding a corresponding industry classification code for each item in every transaction record. Finally, relationships between suppliers are rarely identified within various systems. For example, your system may not tell you that Lab Equipment, Inc. is a subsidiary of Lab Supplies, Inc. If it did, you would realize that you have greater spend with and risk from that supplier Due to the data issues listed above, it is not possible to do an accurate and comprehensive analysis of spend by simply bringing data from various systems into a spreadsheet or a Business Intelligence system and performing the analysis. The data has to be cleansed to remove errors, normalized to ensure suppliers are represented in a consistent manner, and finally enriched with classification data, subsidiary relationships, supplier performance data, etc. Only then the analysis can be done on the data to yield an accurate picture of the overall spend. Once data has been cleansed, normalized and enriched, it is now ready to be analyzed to identify risk to a company from its supply base. For example, in one scenario we can classify suppliers by categories such as total spend, product, industry and geography. Ability to classify suppliers along these dimensions allows a procurement executive to identify all those suppliers where they are either buying large volumes or those suppliers where they are sole-sourcing or those suppliers providing critical components/commodities. This analysis allows them to prepare a shortlist of suppliers that need to be evaluated and monitored for risk. The classification also provides immediate visibility into those suppliers who are associated with either an industry or a product group that increases their exposure from issues such as quality; commodity and labor shortages; price fluctuations; environmental and safety issues; and supply/demand imbalances. It also quickly clusters suppliers by their geographical risks such as political issues, infrastructure difficulties, and currency fluctuations. By analyzing data along these dimensions, procurement executives are able to create a shortlist of suppliers that need to be closely monitored. Companies that do not use the spend analysis tools end up sorting their suppliers only based on approximate aggregate spend with them and focus their attention on the top 20% of suppliers that make up 80% of the spend. But, low spend suppliers can be a source of significant risk as well. A cheap part in an expensive engine can cause the engine to fail. Data theft enabled by poor security practices of a small IT provider can cause irreparable damage to a retailer's brand and lead to lawsuits. Using spend analysis, procurement organizations can do a comprehensive analysis of their supply base across multiple
  • 9. dimensions such as spend, products purchased, number of other suppliers for the same product, location of plants, supplier/part quality, supplier shipment performance, etc to identify suppliers than pose risk. There's no measurable return from a supplier risk management initiative unless the risk materializes and you can quantify the avoided loss. Until then, it's only possible to estimate the impact using a metric that takes the probability of the risk and the expected magnitude of the loss. In addition, it is important to remember that even the most successful risk management programs only reduce the impact of a risk, they do not eliminate it. However with a good supplier risk program, you are on your way to reducing the business risk for your organization. With initial supplier risk evaluation, based on data from spend analysis, you can start the process for reducing the risk from weak suppliers within your supply base in this economic environment.