Procurement should be the custodian of risk data.

procurement technologyRisk

Even in the most advanced procurement organisations some questions can still remain a challenge. Who are our suppliers exactly? How do we map our supply chain? How many are SMEs?  Do they all comply with our

requirements?  Do we fully understand potential and actual risks? Which suppliers belong to the same group?  Where might we end up as the next newspaper headline?


Boards are increasingly turning their attention to corporate governance within their organisation, how this extends into their supply chains and the role that procurement departments should play. This has been my consistent experience in recent years, fuelled by increasing legislation, regulation and stronger reputation management to shareholders, clients and of course publically.


The need for a single process for managing supplier risk seems evident but rarely does this happen in organisations – health & safety, CSR, ethics, financial and legal risks for example are often managed by separate departments with supplier data fragmented across an organisation.  I would argue that procurement is the most logical custodian of a single approach to supplier risk management.


Information on supplier risk is used in two key areas; as part of prequalification to determine whether to select a certain supplier or not, and to monitor a supplier during the lifecycle of a contract.  Those organisations where procurement and supply chain management are treated hand-in-hand can find this approach logical and more effective.


Many organisations are turning to cloud technology and outsourcing to provide a better approach to managing supplier risk and supplier information in general. A single web-based supplier registration system ensures all suppliers are held in a single source, even across multiple divisions or countries.  Key supplier data globally can be easily accessed and analysed within a few clicks.


Using a cloud technology solution avoids the often complex issue of existing internal IT systems and processes whilst offering options to exchange data with these systems if desired.  It also makes implementation far more rapid –a desktop or mobile browser is all that is needed.  Cloud technology can also offer significant procurement tools and process efficiencies.


Corporate-level data on all suppliers (e.g. bribery and corruption legislation compliance) can be held in a single location whilst an automated risk-driven “heat map” process can flag specific risk areas and drive a deeper due diligence process that may involve an on-site audit for the highest risk suppliers.  This ensures an organisation-wide consistent approach to managing supplier risk.


Using an outsourced provider can overcome internal resource constraints and provide the most cost effective approach.  Additionally the quality of supplier data can be significantly higher and the use of a third party may afford independence and neutrality favoured by shareholders and clients in particular.  As always though outsourced providers need to be chosen carefully.


There is another dimension to consider – collaborating with your peers to provide a single industry approach.  At first this may seem counter-intuitive but for many industries where there are significant overlaps in supply chains a shared approach increases cost effectiveness further and tends to drive faster supplier risk management outcomes for all – which can only be a good thing.


Philip Foster is a consultant at supplier information and risk management services and consultancy firm Hellios Information.

Philip Foster
Posted by Philip Foster

Want to learn more? Please fill in your details to hear from us.