Risk Performance and Compliance Content

How risk, technology reshape the CFO role

Traditionally, chief financial officers have spent their time poring over budgets, auditing seemingly everything and ensuring compliance. In today’s fast-paced, technology-driven world, their role is shifting, incorporating strategic planning, risk management and predictive analytics.

To find out what CFOs are facing and how they’re making changes, the survey “The Strategic CFO: Thriving with Risk” compiles the answers from 500 CFOs and global financial executives about their evolving experiences. The survey was prepared by The Wall Street Journal Custom Content group in association with Coupa, a business spend management technology solutions provider. In a webinar, Coupa CFO Todd Ford and Wall Street Journal contributor Rosa Harris discuss finance’s role as it tries to take on risk and other findings from the survey.

Cloud AP Automation: Where Transparency and Security Intersect

cyber attack

Spend Matters welcomes this guest post from Laurent Charpentier, COO and chief innovation officer at Yooz Inc.

When it comes to information security, there might appear to be a dichotomy between what many providers boast as an AP automation solution that is both transparent and secure. A dichotomy because typically when we think of secure, we imagine things like being locked in a file cabinet, stored in a bank vault or safe, accessed by only certain people with biometric verification. That doesn’t sync up with something that is transparent — fully visible and easily accessible. But actually, transparency and security overlap more than you think when it comes to today’s smart AP automation solutions.

After EcoVadis’ Sustain 2019: Company Update, Solution Overview and Technology Enhancements (Part 1) [PRO]

sustainable

This week, Spend Matters founder and analyst team member Jason Busch represented the Spend Matters team at the EcoVadis Sustain 2019 customer conference in Paris, where about 500 attendees gathered.

EcoVadis, a sustainability/CSR solutions provider that combines ratings content (CSR focused) and a technology platform, is not so dissimilar from providers such as Avetta and ISNetworld, albeit that it focuses on vendor sustainability practices and metrics rather than general compliance/credentialing (e.g., insurance validation) or “pre-qualification” for health and safety.

But like these related firms, EcoVadis is able to take advantage of platform economics (network-based economics) in its business model by qualifying and rating suppliers a single time — with yearly updates — and then leveraging this information across the procurement community. What is special about all of these models is that unlike pure-play technology solutions (e.g., supplier information management) or even general risk management offerings, they tend more toward “winner take all” markets because suppliers carry their credentials with them from customer to customer.

This approaches provides value for all parties and makes switching potential solution providers such as EcoVadis more painful (when alternatives even exist), creating an incentive for buyers and suppliers to remain using the system on a permanent basis. But unlike Avetta (which is growing but still must compete with Achilles and ISNetworld), the only material competition that EcoVadis faces — in a single industry/vertical only — is via the highly specialized, not-for-profit Sedex.

This two-part Spend Matters PRO update provides an overview of what is new at EcoVadis. Today, we provide an update on EcoVadis (overall) and explore its recent solution update and overall platform. An introduction to EcoVadis can be found in our PRO Vendor Snapshot coverage: Background & Solution Overview, Product Strengths & Weaknesses, and Competitive & Summary Analysis.

Avetta, Browz to Merge: Placing Avetta in the Context of Broader Supplier Management and Risk Management Solutions (Part 3) [PRO]

How does Avetta — and its peers, including ISnetworld and Achilles — fit into the broader supplier management and supply/supply chain risk management technology and solutions universe? This Spend Matters PRO research brief provides insight into all of the components that comprise the supplier management and supplier/supply chain risk management sectors. It then attempts to place Avetta in the context of these two, highly complex solutions markets.

Our analysis includes detailed functional and requirements for each of these areas. Just coming up to speed on our analysis of the merger of Avetta and Browz? See our initial Spend Matters PRO Coverage: Avetta, Browz to Merge: Facts, Figures, Solution & Market Overview (Part 1) and Avetta, Browz to Merge: History and the Growth of Community-Oriented, Network Models (Part 2).

Before placing Avetta (and its peers) in the context of these two solution areas, it is essential to create a level-set definition of each. There is often significant overlap between supplier management solutions and supplier/supply chain risk management solutions, both in capability and in terms of the “what” companies are buying. But in short, here’s what they comprise and how they differ.

Avetta, Browz to Merge: History and the Growth of Community-Oriented, Network Models (Part 2) [PRO]

Industry insiders might argue that the growth of Avetta, Browz, ISNetworld and other industry supplier compliance and credentialing solutions like VendorMate (now part of GHX), GRMS and Hellios should never have been allowed to reach escape velocity owing to the first mover advantage that Achilles had on this market overall. But playing armchair supplier credentialing, pre-validation and certification vendor quarterback is nowhere near as useful an exercise as explaining the history of this market and how it became the largest procurement solutions sector that most buyers know little if anything about — yet is of critical strategic (and growing) importance.

So join us as we provide a history lesson about how this market came about and the value levers it created for buyers and suppliers. This investigation includes exploring how the sector in which Avetta competes can serve as a complement to other supplier management and risk management areas too (which we’ll tackle in more detail in the next research brief in this series).

If you’re just coming up on this market and the merger of Browz and Avetta, read the first research brief in this series (Avetta, Browz to Merge: Facts, Solution and Market Overview), which explored the core details and numbers behind the two companies coming together under the Avetta name.

Live Contracts: How Next-Gen CLM Solutions Will Make Contracts More Than Merely ‘Smart’

Enterprise contract management has become one of the hottest areas for digital investment, and rightly so. Because contracts form the foundational system of record for all commercial relationships, it stands to reason that, as business becomes increasingly digital, the foundation must also become digital to keep up.

Yet as companies move from storing contracts in filing cabinets to dedicated contract management software, another question arises: What next?

The advent of artificial intelligence-based technology offerings has promised procurement organizations an era of automated, “smart” contracts that execute predetermined actions when specified conditions are met. Such functionality is attractive, to be sure, but the scope of the smart contract concept is also inherently limiting.

To attain the true benefits that digital transformation is bringing to contract management, procurement organizations must go beyond simply making their contracts smart. Instead, they should strive for a more powerful paradigm: “live” contracts that convert their documents into living, adaptable tools for transaction acceleration, risk management and value creation.

Transparency-One: Vendor Introduction, Analysis and SWOT [PRO]

Procurement and supply chain organizations are facing pressure from consumers, governments and investors to clean up their supply chains. Whether it’s traceability of ingredients (including their source and their quality), assurance that labor and facility conditions are up to code, or proof that emerging compliance standards like modern slavery laws are being met, companies are increasingly being tasked with mapping their entire supply chain while ensuring that suppliers are meeting, and tracking, myriad metrics for safety, sustainability and corporate social responsibility (CSR).

This is the narrative that Transparency-One, a provider of supply chain visibility and compliance tracking solutions, is betting the farm on. (This is apt, because the provider actually models and monitors farms as part of the extended supply chains being tracked within its system.)

Founded in 2016, Transparency-One enables executives in charge of sustainability or responsible sourcing to report accurate supplier and compliance data to sales, marketing and regulatory compliance functions about what’s happening in their supply chains end to end, as well as to map product tracking and quality information down to the lot/batch level.

While many such efforts are already underway at major companies, compliance tracking is often fragmented, with initiatives like conflict minerals compliance managed separately (and in different tools) from the tracking of, say, facility safety certifications. Transparency-One is seeking to bring all of these efforts into a single platform, starting first with the food, retail (e.g., grocery, apparel) and industrial materials (e.g., rubber, chemicals) sectors.

Currently operating in 30 countries and in six languages, Transparency-One counts traceability projects with Intermarché, Carrefour and Mars among its pilot customers. It has offices in Boston and Paris.

This Spend Matters PRO Vendor Introduction offers a candid take on Transparency-One and its capabilities. The brief includes an overview of Transparency-One’s offering, a breakdown of what is comparatively good (and not so good) about the solution, a SWOT analysis and a selection requirements checklist for companies that might consider the provider. It also touches upon graph databases and their use in this supply chain management, supplier management and risk management mashup area.

Addressing CSR and Sustainability Goals Through Improved Indirect Spend Management (Part 1): Background and Challenges

The list of corporate social responsibility (CSR) and sustainability risks in the physical supply chain is long. When securing direct materials, procurement organizations must assess factors from restricted or hazardous substances to the kind of labor that went into raw material extraction and even political restrictions like sanctions on whether companies from certain countries are even allowed to do business with you. Because of these and numerous other potential issues, many companies have begun to focus on identifying and eliminating such risks from their supply chains with the help of third-party CSR data sources and risk-monitoring platforms. But while the value of assessing CSR risks for direct materials spend has gained prominence in recent years, the other side of the procurement coin, indirect spend, has not received nearly as much interest. That’s a shame — and a risk in itself.

Coupa and Hiperos: Supplier Management, Compliance and Risk Landscape Implications [PRO]

This Spend Matters PRO brief explores the competitive implications of the Coupa-Hiperos transaction on the supplier management landscape. The analysis includes summary sector M&A implications and summary landscape/competitive implications. It also explores the potential impact on closer competitors to Hiperos (e.g., Aravo), more distant, network and community oriented peers (e.g., Achilles, Avetta, Browz, etc.); and “sleeping giants” on the periphery of the market such as D&B and Thomson Reuters.

Perhaps most relevant of all, as “compliance as a service” becomes more commonplace as a component of source-to-pay systems in areas ranging from supplier qualification to transactional/invoicing areas, we believe these latter groups may begin to come into contact with Coupa for the first time as the worlds of supplier intelligence and hybrid software, network and compliance collide in a networked manner across various industries.

Understand the Risk Big Picture — A Webinar Looking at 2019 Risks

supply risk

Spend Matters UK/Europe’s final webinar of 2018 will be held Thursday with an eye toward risks for 2019. The event, “Understand the Risk Big Picture,” also is the final webinar for Peter Smith as the site’s managing director. Folks in North America can join at 8 a.m. Central, which is 2 p.m. in the UK.

It is being run with riskmethods — which provides a cloud-based supply chain risk management platform/solution, and founder Heiko Schwarz will be participating in the webinar with Smith. They’ll focus on different types of risk: cyber, reputational, political, natural and supplier financial risks.

Join them Thursday as they look at what procurement can do to improve risk planning and management. Please register here for the webinar — and even if you can’t make that time, registering will mean you get immediate access after the event to listen at your leisure.

Coupa vs. Hiperos: Supplier Management Head-to-Head Comparison

With news this week that Coupa is buying Hiperos, it’s time for a head-to-head comparison. The providers could not be more different in the pragmatic application of their supplier management technology to solving different procurement challenges. But on paper, both providers offer broad-based supplier management capability. And both deliver functional capability that (usually) meets or exceeds the functional benchmark for each of the areas that make up Spend Matters’ Q4 2018 Supplier Relationship Management and Risk SoultionMap. Join us in this unfiltered SolutionMap results analysis from our Q4 2018 dataset, along with the commentary of the Spend Matters analyst team. These head-to-head columns share the insights of each quarterly SolutionMap report for SolutionMap Insider Subscribers, providing unique comparative cuts of SolutionMap benchmark data along with the trademark quips that Spend Matters was better known for in its early years. So buckle your seat belt, prepare for some real data and expect a few sparks to fly as we pit Coupa and Hiperos against each other in the supplier management evaluation ring to understand where each provider is the most appropriate fit.

Not yet an Insider member? Here’s a preview: In a majority of supplier management categories which include master data management (MDM), supplier information management (SIM), supplier portal, supplier initiative management, technology, configurability and services — Coupa convincingly comes out on top. But Hiperos shines in specific areas that make it an ideal fit to enable specific supplier and third-party compliance and risk management scenarios.

Overall, the results suggest that the right solution will vary based on different organizational requirements. You’ll get no argument from us that supplier management selection processes will reward procurement organizations that tailor provider selection to their specific needs. But despite this (needed) debate, the Spend Matters team sees how combining these two solutions offers the potential for the proverbial — yet often elusive — “1+1 = 3” in M&A by enabling procurement, IT, finance and other teams to work together to manage their collective supply base while reducing overall risk. As we’ve noted before, “Using a holistic approach to managing suppliers and spend can shine a proactive light on vulnerabilities, while reducing risk and protecting brand reputation.”

But how will each product enable this? Let’s dig in and put Coupa and Hiperos supplier management capabilities head-to-head.

Beyond Supplier Risk Management: How Procurement Can Take a Leadership Role in Enterprise Risk Management [PRO]

risk

There is no shortage of news about supply risk in today’s volatile operating market:

 

  • The 12-month LIBOR rate has gone from 2% to over 3% in 2018, and suppliers are beginning to feel a capital squeeze as buyers further stretch their DPO to hoard cash (beyond stock buybacks of course).
  • Brexit continues to loom as a bugbear regarding UK/EU trade. More broadly, geopolitical risk continues to escalate in the Middle East, Eastern Europe, Central America and the South China Sea.
  • S. trade policy still swings wildly at the press of a POTUS tweet, and so do commodity prices and volatility in general. The VIX index has spiked up 65% in the last 60 days alone.
  • Natural disasters driven by climate change are becoming commonplace and calamitous.
  • Competitive risks are sprouting up as digital disruption is creeping into almost every industry sector — and as monopolies “becomes features rather than bugs” with ongoing market consolidation. In response, compliance regimes like GDPR continue to crop up although enforcement is highly variable by region and country.
  • Cyber risk continues to be the most omnipresent risk that organizations are experiencing cross-industry while everyone is flocking to the cloud in record numbers.


So, enterprise risk management should be alive and well. And, logically, supply chain and procurement executives need to be increasingly prepared to work with their internal business partners to reduce this risk and defend the proverbial gates to keep the risks at bay.

Unfortunately, the castle walls are often not well-guarded because the sentries are not getting paid to do so. Procurement organizations in particular suffer from a misalignment between missing incentives for reducing supply risk and zealous Finance-driven incentives for increasing supply reward in the form of narrow purchase cost savings. Regarding the latter, nearly all groups get measured on purchase cost reductions, but only 41% get formal credit for saving money during the sourcing process when there is no initial cost baseline. However, only 8% of procurement organizations get such "hard credit" for reducing supply risk.

Part of the challenge here is that from an enterprise risk management (ERM) standpoint, there is a broader disconnect between evaluating enterprise risk overall versus extending those risk factors in a cohesive manner out to the supply chain and also out to the supply base (via spend categories and then to individual suppliers) where contracts are signed that hopefully help mitigate most supplier risks. There are four “translations” here where alignment gets lost, and to make matters worse, the risk types being managed are highly fragmented, if addressed at all — especially when various stakeholders are in the same boat as procurement regarding not getting credit (and commensurate resources/investment) regarding supply risk. Risk management gets viewed as a glorified insurance policy and set of “check the box” regulatory compliance mandates rather than a sound approach to bringing risk into the value equation (i.e., protecting the value streams of importance through the value chain).

So, the question becomes how can procurement help solve this when so much seems outside its control? And why even pursue it when there are other things to focus on like hitting savings targets?

The answer lies in deftly “connecting the dots” between enterprise risk and supply risk so that various stakeholders like GRC, internal audit, external auditors, divisional presidents, etc. can not only extend their reach into the extended supply chain, but can also be tapped to help bring some corporate power (and resources) to bear and help drive some changes internally and with your suppliers.

In this installment of Spend Matters PRO, we’ll dive into some best practices for gaining this multi-pronged alignment and also how to align supply risk management within various points of the source-to-pay (S2P) process itself. And, of course, if you want to see how various providers handle supply risk, whether S2P suite providers, or more specialized supplier management providers, then definitely check out our SolutionMaps in these respective areas here and here.