The Risk Performance and Compliance Category

The Modern Contract: Connected Sets of Data

The purpose of almost every business contract is the same: to define the relationship and allocate risk. To effectively do the latter, supply chain managers must manage external risks and internal risks. But even considered separately, the point is that managing both kinds of risk is challenging. With a plate that full and interdependent, is it any wonder that contracts seem to create more operational friction than they’re worth? Why haven’t we figured out that we can’t adjudicate such variability?

The Smart PE Money Knows When to Pay Up: Avetta Gets New Ownership

To say private equity firms have been ogling procurement technology and solution firms of late is an understatement. The floodgates have been unleashed. Case in point: PE firm Welsh, Carson, Anderson & Stowe announced earlier Wednesday it will acquire a majority interest in Avetta, a supplier compliance and risk management firm, in a deal that likely broke multiple records (double meaning intended) in the procurement solutions market. (Another firm, TCV, will also acquire a minority stake.) The transaction is significant for the procurement technology space for a number of reasons. But perhaps most interesting, it highlights the differing approaches PE firms are taking to buying, operating and selling solution providers, as well as the kinds of business models that have become attractive (and lucrative) to these firms.

A Guide to Supply Risk Management and Compliance (Including Cyber Risks) in 2018

The World Economic Forum recently released its 13th annual global risks report, predicting the biggest risks that global businesses are likely to face in 2018. Extreme weather events rank top both in terms of potential impact and likelihood. Other top risks included cyberattacks, data fraud and economic bubbles. Meanwhile, Spend Matters has been working on updating our Supply Risk Management and Compliance Landscape Definition and Overview for 2018, highlighting the increasing need for investment in supply risk in the cyber and information security (INFOSEC) area.

Investigative Report Details Toxic Gas Poisoning and Other Serious Labor Violations at Key Apple Supplier

China Labor Watch released a lengthy report Tuesday detailing appalling work conditions at Catcher Technology, a supplier of computers, digital cameras and other products to Apple, Dell, HP, IBM and Sony. The factory under investigation, however, is primarily an Apple supplier, producing iPhone frames and MacBook components. Among many other labor violations, China Labor Watch found toxic gas poisoning, unsanitary food, inadequate protective gear and excessive pollution during its investigation of the Catcher factory in Suqian, China, conducted from October 2017 to January 2018.

The 12 Supply Risk Management Disconnects that Destroy Value (Part 1) [PRO]


“Risk” and “risk management” are terms that are like the ultimate Rorschach test in business: they mean many different things to many people. The same applies to the term “value” — and don’t even bring up “supply management.” Even a specific term like “supply risk” has many interpretations (e.g., it’s much more than supplier risk). The problem with this is that if people within a company define various terms differently, then how well will they be collectively managing those areas? Likely not well at all.

Risk management is a strange animal. On one hand, it focuses on “things gone wrong” and homes in on defining and mitigating various external risks that create adverse events in a value chain. On the other hand, those adverse events affect stakeholder-relevant performance (i.e., measurable value). Such performance and value delivery is focused on “things gone right” and reward rather than risk.

The key, therefore, is to realize that risk and reward are inextricably linked. If ensuring delivered value (and improving it over time) from the supply chain and from suppliers is what supply management is all about, then that supply value should not only be expected (i.e., expected value as discussed above) but also protected (i.e., protected value ensured through supply risk management). As a side note, have you ever considered that the concept of “expected value” uses the term “value” even though it is applied heavily to the world of risk management (i.e., calculating the expected probabilities and impacts of various risks)?

Anyway, the imperative becomes ensuring that the most important performance metrics (i.e., KPIs) are protected from risk. Yet these individual KPIs are rarely individually and systematically managed for risk, and the lack of risk-adjusted performance management means that you’re going to be exposed and it will catch up with you eventually. The problem isn’t just bouncing around and applying risk management technique X via tool Y to address risk type Z. There are a dozen fundamental disconnects in most firms that prevent risk management being properly resourced, aligned, managed and improved. Only by unpacking them and addressing them through focused practical interventions can you really get to the root cause issues that are likely keeping your supply risk management efforts suboptimized.

In this Spend Matters PRO series, we will explore 12 critical supply risk management disconnects. This brief, Part 1, focuses on the following four areas:

  1. Risk Scope and Stakeholders
  2. Performance vs. Risk
  3. Risk Type vs. Impact
  4. Risk vs. Cost (e.g., “cost of risk”)

If you’re a practitioner, you should be able to see which disconnects are the biggest issues for you and make yourself more resilient (i.e., ability to mitigate and recover from risks) and predictably high performing. If you’re a consulting organization, you’ll probably find some pointers to improve any methodologies that you have here. And if you’re a solution provider, whether in the supply risk management area or more broadly, you’ll hopefully get some ideas on how to address more strategic pain points.

Economic and Policy Supply Chain: The Non-Invisible Hand [Plus+]

Adam Smith is famous for coining the phrase the “invisible hand” to suggest the collective transparent forces of a market that work together as a whole based on the self-interest of participating members. While Smith used the phrase only a handful of times in his writing, the term has become synonymous with the famous theorist. We can leave the economic theory and philosophizing for another day. The concept itself, however, is clearly valuable: much of what occupies the daily toils of the typical procurement or supply chain manager is directly tied to the broader trade of goods, services and ideas, and ultimately, the pursuit of profit and returns based on the collective set of activities. But what's also equally important to consider is the “non-invisible hand” and how it affects our priorities and overall goals.

Trends in Cybersecurity Risks: Will 2018 See More Indirect Supply Chain Attacks?

2018 may be the year we see more indirect supply chain attacks and compromised industrial control systems, according to a new report from consulting firm Booz Allen Hamilton on trends in cybersecurity risks. In “Foresights 2018,” the report authors outlined nine predictions on what may happen in the world of cybersecurity this year, from outsourced hacking to supply chain infiltration and cryptocurrency theft. We’ll look at a few of these predictions in this post.

GDPR: Basic Facts, Company Preparedness and Gaining a Competitive Advantage

May 25 will be one of the most significant dates this year for many companies, for that is when the EU’s General Data Protection Regulation (GDPR) kicks in. Any organization that holds or uses personal data on an EU citizen, regardless of where the organization itself is based, should have a plan of action. But a number of reports and surveys from the past few months have shown that few companies consider themselves ready for GDPR, and some do not think they will be ready by the May deadline.

Sponsored Article

Have You Lost the Route to Your Legal Archives in the API Economy?

The corporate journey to using the emerging cloud ecosystem of discrete microservices will see critical business process and transaction evidence archived in disparate third-party storage services. Here’s why, and how, TrustWeaver is working to make sure that such fragmentation doesn’t become a compliance or productivity problem for companies.

Hurricanes, Geopolitics, Cyberattacks and More: Top Risk Posts of 2017

As far as risk goes, if 2016 was characterized by political turbulence, then 2017 was all about disasters, natural and manmade. This past May saw a worldwide ransomware attack that hit more than 300,000 computers in 150 countries, disrupted hospitals and manufacturing plants, and caused economic losses that are estimated to be in the billions. Then there were the Harvey and Irma hurricanes of late summer and the ongoing California wildfires. And we haven’t even mentioned geopolitics, commodities, finances and all of the other risks out there that need to be on procurement’s radar these days. As part of Spend Matters’ year in review, here are the top risk posts from 2017 that you don’t want to miss.

Predictive Contract Negotiations: Get Full Value From CLM Tools [Plus+]

Contract management is undergoing a transformation, moving from the back of the procurement kitchen to nearly taking center stage. A good part of the reason is the corporate transition from more passive "risk viewed as lack of compliance" efforts toward a more dynamic and comprehensive approach to risk management. This approach doesn't just examine legal clauses as such. Nor does it merely ensure that agreed-upon prices and SLA deliverables are met, although those reasons are obviously part of the equation. There’s more to it — much more. In this Spend Matters Plus research brief, we begin by reviewing the core components of CLM systems, and then we explore the path to predictive contract negotiations, delving into the intersections of big data, predictive analytics and contract management.

State-of-the-Art Business Insurance for Contractors: An Update on Bunker

As a rule, one would not put together “state of the art” and “insurance” in a single statement — but every rule has an exception. We began reporting on Bunker in January 2017 within the context of our contingent workforce and services coverage area. (See: Bunker: A New Platform Innovates Business Insurance for Self-Employed/Gig Workers and Contractor Insurance Innovator Bunker Raises $6M in Series A Round.) In this post, we provide an update to our earlier coverage, based on our recent discussion with Chad Nitschke, CEO and co-founder of Bunker.