The Risk Performance and Compliance Category

A Guide to Supply Risk Management and Compliance (Including Cyber Risks) in 2018

The World Economic Forum recently released its 13th annual global risks report, predicting the biggest risks that global businesses are likely to face in 2018. Extreme weather events rank top both in terms of potential impact and likelihood. Other top risks included cyberattacks, data fraud and economic bubbles. Meanwhile, Spend Matters has been working on updating our Supply Risk Management and Compliance Landscape Definition and Overview for 2018, highlighting the increasing need for investment in supply risk in the cyber and information security (INFOSEC) area.

Investigative Report Details Toxic Gas Poisoning and Other Serious Labor Violations at Key Apple Supplier

China Labor Watch released a lengthy report Tuesday detailing appalling work conditions at Catcher Technology, a supplier of computers, digital cameras and other products to Apple, Dell, HP, IBM and Sony. The factory under investigation, however, is primarily an Apple supplier, producing iPhone frames and MacBook components. Among many other labor violations, China Labor Watch found toxic gas poisoning, unsanitary food, inadequate protective gear and excessive pollution during its investigation of the Catcher factory in Suqian, China, conducted from October 2017 to January 2018.

The 12 Supply Risk Management Disconnects that Destroy Value (Part 1) [PRO]

“Risk” and “risk management” are terms that are like the ultimate Rorschach test in business: they mean many different things to many people. The same applies to the term “value” — and don’t even bring up “supply management.” Even a specific term like “supply risk” has many interpretations (e.g., it’s much more than supplier risk). The problem with this is that if people within a company define various terms differently, then how well will they be collectively managing those areas? Likely not well at all.

Risk management is a strange animal. On one hand, it focuses on “things gone wrong” and homes in on defining and mitigating various external risks that create adverse events in a value chain. On the other hand, those adverse events affect stakeholder-relevant performance (i.e., measurable value). Such performance and value delivery is focused on “things gone right” and reward rather than risk.

The key, therefore, is to realize that risk and reward are inextricably linked. If ensuring delivered value (and improving it over time) from the supply chain and from suppliers is what supply management is all about, then that supply value should not only be expected (i.e., expected value as discussed above) but also protected (i.e., protected value ensured through supply risk management). As a side note, have you ever considered that the concept of “expected value” uses the term “value” even though it is applied heavily to the world of risk management (i.e., calculating the expected probabilities and impacts of various risks)?

Anyway, the imperative becomes ensuring that the most important performance metrics (i.e., KPIs) are protected from risk. Yet these individual KPIs are rarely individually and systematically managed for risk, and the lack of risk-adjusted performance management means that you’re going to be exposed and it will catch up with you eventually. The problem isn’t just bouncing around and applying risk management technique X via tool Y to address risk type Z. There are a dozen fundamental disconnects in most firms that prevent risk management being properly resourced, aligned, managed and improved. Only by unpacking them and addressing them through focused practical interventions can you really get to the root cause issues that are likely keeping your supply risk management efforts suboptimized.

In this Spend Matters PRO series, we will explore 12 critical supply risk management disconnects. This brief, Part 1, focuses on the following four areas:

  1. Risk Scope and Stakeholders
  2. Performance vs. Risk
  3. Risk Type vs. Impact
  4. Risk vs. Cost (e.g., “cost of risk”)

If you’re a practitioner, you should be able to see which disconnects are the biggest issues for you and make yourself more resilient (i.e., ability to mitigate and recover from risks) and predictably high performing. If you’re a consulting organization, you’ll probably find some pointers to improve any methodologies that you have here. And if you’re a solution provider, whether in the supply risk management area, or more broadly, you’ll hopefully get some ideas on how to address more strategic pain points.

Economic and Policy Supply Chain: The Non-Invisible Hand [Plus+]

Adam Smith is famous for coining the phrase the “invisible hand” to suggest the collective transparent forces of a market that work together as a whole based on the self-interest of participating members. While Smith used the phrase only a handful of times in his writing, the term has become synonymous with the famous theorist. We can leave the economic theory and philosophizing for another day. The concept itself, however, is clearly valuable: much of what occupies the daily toils of the typical procurement or supply chain manager is directly tied to the broader trade of goods, services and ideas, and ultimately, the pursuit of profit and returns based on the collective set of activities. But what's also equally important to consider is the “non-invisible hand” and how it affects our priorities and overall goals.

Trends in Cybersecurity Risks: Will 2018 See More Indirect Supply Chain Attacks?

2018 may be the year we see more indirect supply chain attacks and compromised industrial control systems, according to a new report from consulting firm Booz Allen Hamilton on trends in cybersecurity risks. In “Foresights 2018,” the report authors outlined nine predictions on what may happen in the world of cybersecurity this year, from outsourced hacking to supply chain infiltration and cryptocurrency theft. We’ll look at a few of these predictions in this post.

GDPR: Basic Facts, Company Preparedness and Gaining a Competitive Advantage

May 25 will be one of the most significant dates this year for many companies, for that is when the EU’s General Data Protection Regulation (GDPR) kicks in. Any organization that holds or uses personal data on an EU citizen, regardless of where the organization itself is based, should have a plan of action. But a number of reports and surveys from the past few months have shown that few companies consider themselves ready for GDPR, and some do not think they will be ready by the May deadline.

Sponsored Article

Have You Lost the Route to Your Legal Archives in the API Economy?

The corporate journey to using the emerging cloud ecosystem of discrete microservices will see critical business process and transaction evidence archived in disparate third-party storage services. Here’s why, and how, TrustWeaver is working to make sure that such fragmentation doesn’t become a compliance or productivity problem for companies.

Hurricanes, Geopolitics, Cyberattacks and More: Top Risk Posts of 2017

As far as risk goes, if 2016 was characterized by political turbulence, then 2017 was all about disasters, natural and manmade. This past May saw a worldwide ransomware attack that hit more than 300,000 computers in 150 countries, disrupted hospitals and manufacturing plants, and caused economic losses that are estimated to be in the billions. Then there were the Harvey and Irma hurricanes of late summer and the ongoing California wildfires. And we haven’t even mentioned geopolitics, commodities, finances and all of the other risks out there that need to be on procurement’s radar these days. As part of Spend Matters’ year in review, here are the top risk posts from 2017 that you don’t want to miss.

Predictive Contract Negotiations: Get Full Value From CLM Tools [Plus+]

Contract management is undergoing a transformation, moving from the back of the procurement kitchen to nearly taking center stage. A good part of the reason is the corporate transition from a more passive "risk viewed as lack of compliance" effort toward a more dynamic and comprehensive approach to risk management. This approach doesn't just examine legal clauses as such. Nor does it merely ensure that agreed upon prices and SLA deliverables are met, although those reasons are obviously part of the equation. There’s more to it — much more. In this Spend Matters Plus research brief, we begin by reviewing the core components of CLM systems, and then we explore the path to predictive contract negotiations, delving into the intersections of big data, predictive analytics and contract management.

State-of-the-Art Business Insurance for Contractors: An Update on Bunker

As a rule, one would not put together “state of the art” and “insurance” in a single statement — but every rule has an exception. We began reporting on Bunker in January 2017 within the context of our contingent workforce and services coverage area. (See: Bunker: A New Platform Innovates Business Insurance for Self-Employed/Gig Workers and Contractor Insurance Innovator Bunker Raises $6M in Series A Round.) In this post, we provide an update to our earlier coverage, based on our recent discussion with Chad Nitschke, CEO and co-founder of Bunker.

IC Precheck Gives Independent Contractors a Compliance Shot in the Arm

IC Precheck, a new compliance product aimed at independent contractors (ICs), launched this week. The product, which will be marketed and sold to contractors, provides, as the name implies, a kind of precertification to support or strengthen a contractor’s assertion of independent contractor (1099) classification status. The product is intended to benefit contractors as well as the businesses that engage them.

Sponsored Article

Will Procurement Automation be Transformed by Compulsory Real-Time Tax Controls?

Companies should be preparing for a world where government requirements for real-time transaction controls will be a major force in shaping the business-to-business (B2B) transaction automation systems of the future. With cloud becoming the principal deployment model for managing different types of B2B transactions, this revolution toward much-reduced freedom for companies to specify their process requirements can be expected to transform the way companies interact and contract with solution vendors. Let me explain through a couple of scenarios.