There’s been some recent activity in the supplier (risk) management and supply chain (risk) management area lately. Take for instance the recent announcements made by supply chain risk vendor Resilinc and an announced partnership between Pool4Tool and Riskmethods. The latter firm is a supply chain risk management product very similar to Resilinc, albeit smaller, earlier in its journey, and focused on the German market (expanding quickly into broader EMEA market). Riskmethods briefed us last year, and they’ve a very unique supply chain risk solution, which we’ll cover in more detail in future posts. However, if your Dutch is good, you can check out Gert van der Heijden’s post here.
Anyway, here's the deal: the “R” and “C” in GRC are fragmented on the supply side, not just in terms of the technology market, but also in how many organizations (particularly large global discrete manufacturers) organize themselves around supply (chain) risk management versus supplier (compliance) management. You would think that supplier compliance, supply risk management, and broader supply risk management would all fit hand in glove (especially with the dozens of supply chain specific regulations out there that I won’t even begin spouting off), but it usually doesn’t. Unfortunately, supplier management is often relegated to a regulatory-compliance driven steady-state supplier engagement workflow for supplier onboarding, certifications, auditing, and periodic monitoring. Meanwhile, supply risk often gets relegated to a periodic analysis exercise for supply/business continuity. It’s like doing periodic supply network design re-design projects (e.g., think of a vendor like Llamasoft) before diving back into day-to-day tactical activities.
This fragmentation then gets manifested into the technology markets where the vendors will tend to focus on these often-siloed stakeholders. I wrote about this the summer before last in my Supply Analytics paper:
The integration between external information, internal analytics, and strategy is nowhere more apparent than in managing supply risk—supplier risk, regulatory risk, competitive risk, IP risk, and so forth. These all are risks that impact supply performance. Managing these risks involves a comprehensive array of analytic techniques, including the following: scenario planning to identify all risk types; Monte Carlo simulation to quantify the probability/impact of adverse risk events; segmentation and visualization as in risk “heat maps”; and predictive analysis to identify, prioritize and mitigate the biggest risks for the least investment. At present, there is no single services or applications provider that incorporates of these capabilities; some assembly will be required.
There still isn’t a single provider, unless you start talking about moving into the broader risk services players. So, convergence is a good thing, and what I mean is doing more than re-skinning a supplier management application with a Geographic Information System (GIS) interface – which is a market with a spectrum of solutions from open source environments (OpenStreetMap) to hardcore GIS (e.g., Esri) to something more packaged like Sourcemap (who we covered here, here, and here ). As my colleague Jason Busch wrote about last fall in his piece We Predict that Geospatial Category & Supplier Management Will Go Mainstream In 2014, the trend is inevitable.
So, Resilinc has a focus on the supply chain risk side and is moving into supporting broader GRC. Meanwhile, Riskmethods (whose founders actually harken from Xcitec, the supplier management solution acquired by Emptoris, now IBM) is partnering with a sourcing and supplier management provider. Expect a lot more of this, but not necessarily partnerships. Riskmethods, Resilinc, Sourcemap, Supply Risk Solutions, and others will make for tempting acquisition targets by larger providers in the procurement and supply market technology market. With the activity happening in supply chain [information] networks right now with many of the “big boy” vendors, time is of the essence.
Thomas Kase and I plan to collaborate on future Plus and PRO research on how practitioner firms can better connect their siloed processes and systems for enterprise GRC, supplier compliance, supplier risk, supplier management, and supply chain risk management. In fact, I wrote a whole paper just on the disconnect between direct procurement and the broader supply chain in 11 processes (and there’s more than that). There are some organizational nuances to this set of issues and I’ll share what I’ve learned from some leading firms who’ve connected some of these dots. If you’re a provider, especially on the supplier management side, you are familiar with this fragmentation and what it means in terms of selling to too many cooks in the kitchen who are cooking different meals and not talking to each other. I wrote about this problem here. So, to do so, you at least need to have a solution that can help them bridge the gaps, even if it's more of an incremental self-funded journey.
If you’re a Spend Matters PRO client, please don’t hesitate to contact me if you’d like to discuss this on the phone.