The seventh idea that I shared during my “what’s next” presentation at ISM’s Risk Conference in Chicago was invest in “linking services procurement initiatives and risk in the human supply chain to broader supply chain risk management initiatives.” Services procurement (especially outside of contingent labor) has many touch points with existing procurement and risk management processes. These include sourcing (e.g., integrating services procurement into a standard strategic sourcing process) and supplier management (e.g., measuring supplier performance, developing key suppliers, and ensuring contract compliance).
Yet services suppliers can introduce an entire set of risk factors into the supply chain equation that create significant exposure. The most obvious in the US centers on worker classification for contingent suppliers (although regulatory enforcement has been variable). Many other forms of compliance risk exist besides facing additional direct costs through fines and tax liability. These include increasing IP concerns based on contractor access to information (think Edward Snowden), as well as standard on-boarding / off-boarding protocol (e.g., badging and credentialing).
Cyber security is a services procurement risk topic unto itself, especially with increasing levels of both administrative and R&D dollars dedicated to technology largely for off-shore firms and resources. Outsourcing also presents another risk factor, which is insuring adequate “inventory” for virtual goods. What is the “back-up plan” when multiple buying organizations concentrate their spend with specific suppliers or even regions? For example, after a supplier bankruptcy that triggers contingency planning efforts and the shifting of spend to alternative supply options that the same companies all have?
Last, it is critical to remember that with services procurement, managing the entire life cycle is essential for total value (not just cost) and risk reduction. Simply paying attention to one area of the on-boarding process, one type of supplier activity (e.g., logging on, credentials), or general supplier financial risk will do little to reduce a service providers risk profile.