Beyond Supplier Risk Management: How Procurement Can Take a Leadership Role in Enterprise Risk Management [PRO]

risk adrian_ilie825/Adobe Stock

There is no shortage of news about supply risk in today’s volatile operating market:

 

  • The 12-month LIBOR rate has gone from 2% to over 3% in 2018, and suppliers are beginning to feel a capital squeeze as buyers further stretch their DPO to hoard cash (beyond stock buybacks of course).
  • Brexit continues to loom as a bugbear regarding UK/EU trade. More broadly, geopolitical risk continues to escalate in the Middle East, Eastern Europe, Central America and the South China Sea.
  • S. trade policy still swings wildly at the press of a POTUS tweet, and so do commodity prices and volatility in general. The VIX index has spiked up 65% in the last 60 days alone.
  • Natural disasters driven by climate change are becoming commonplace and calamitous.
  • Competitive risks are sprouting up as digital disruption is creeping into almost every industry sector — and as monopolies “becomes features rather than bugs” with ongoing market consolidation. In response, compliance regimes like GDPR continue to crop up although enforcement is highly variable by region and country.
  • Cyber risk continues to be the most omnipresent risk that organizations are experiencing cross-industry while everyone is flocking to the cloud in record numbers.

So, enterprise risk management should be alive and well. And, logically, supply chain and procurement executives need to be increasingly prepared to work with their internal business partners to reduce this risk and defend the proverbial gates to keep the risks at bay.

Unfortunately, the castle walls are often not well-guarded because the sentries are not getting paid to do so. Procurement organizations in particular suffer from a misalignment between missing incentives for reducing supply risk and zealous Finance-driven incentives for increasing supply reward in the form of narrow purchase cost savings. Regarding the latter, nearly all groups get measured on purchase cost reductions, but only 41% get formal credit for saving money during the sourcing process when there is no initial cost baseline. However, only 8% of procurement organizations get such “hard credit” for reducing supply risk.

Part of the challenge here is that from an enterprise risk management (ERM) standpoint, there is a broader disconnect between evaluating enterprise risk overall versus extending those risk factors in a cohesive manner out to the supply chain and also out to the supply base (via spend categories and then to individual suppliers) where contracts are signed that hopefully help mitigate most supplier risks. There are four “translations” here where alignment gets lost, and to make matters worse, the risk types being managed are highly fragmented, if addressed at all — especially when various stakeholders are in the same boat as procurement regarding not getting credit (and commensurate resources/investment) regarding supply risk. Risk management gets viewed as a glorified insurance policy and set of “check the box” regulatory compliance mandates rather than a sound approach to bringing risk into the value equation (i.e., protecting the value streams of importance through the value chain).

So, the question becomes how can procurement help solve this when so much seems outside its control? And why even pursue it when there are other things to focus on like hitting savings targets?

The answer lies in deftly “connecting the dots” between enterprise risk and supply risk so that various stakeholders like GRC, internal audit, external auditors, divisional presidents, etc. can not only extend their reach into the extended supply chain, but can also be tapped to help bring some corporate power (and resources) to bear and help drive some changes internally and with your suppliers.

In this installment of Spend Matters PRO, we’ll dive into some best practices for gaining this multi-pronged alignment and also how to align supply risk management within various points of the source-to-pay (S2P) process itself. And, of course, if you want to see how various providers handle supply risk, whether S2P suite providers, or more specialized supplier management providers, then definitely check out our SolutionMaps in these respective areas here and here.

For full access to this PRO content: