A Primer on Supply Risk Management and Compliance

risk goranga/Adobe Stock

We’ve published primers on procure-to-pay and supplier management before, but supply risk and compliance is perhaps the topic that is most likely to find itself in the headline of a mainstream newspaper. By the time you read headlines like the ones below, however, something has already gone wrong.

Of course, these are just a few examples from recent years.

While the area of supply risk management is attracting growing interest and investment from procurement organizations, organizations typically deal with risk on a piece-part basis. That is exactly the wrong strategy, argue Spend Matters analysts Jason Busch, Pierre Mitchell and Michael Lamoureux in their latest report, Spend Matters Landscape Definition and Overview: Supply Risk Management and Compliance.

One of their core aims in publishing this analysis, they write, is “to change this perspective and help organizations integrate these supply risk management initiatives more effectively.”

What is Supply Risk Management?

First, let’s define supply risk management and take a quick look at how the area has evolved over the years. In Spend Matters’ definition, the supply risk management market consists of multiple solution areas that are different yet often overlapping. They include:

  • Standalone supplier and supply chain risk management, monitoring and optimization solutions
  • Supplier management solutions
  • Spend analytics solutions (inclusive of risk/financial data enrichment)
  • Risk information/content originators (e.g., supply market intelligence providers)
  • Governance, risk and compliance (GRC) vendors
  • Commodity management solutions
  • Supply chain planning, (re-)design and optimization

Supply risk management emerged as an area to pay attention to in the past two decades, as procurement and finance executives realized that supply disruptions, non-compliance and a host of potential problems lurking in the supply chain can have serious consequences for the business.

Today, procurement organizations are much more risk-aware. Forward-looking companies are using analytics and third-party information (such as risk scores, corporate social responsibility ratings, diversity data, etc.) as intelligence for risk reduction. Analytics can help procurement organizations gain executive support for a risk management program, look at risk data in the context of overall spend and supplier relationships, and do many, many more things.

It can also enable new types of supply risk insurance products. When it comes to supply risk, as Spend Matters analysts suggest, perhaps “we should all think more like insurance and re-insurance firms!”

Supply Risk Management Technology Components

There are six distinctive functional categories to which the technology components of supply risk management solutions can be sorted. We list the categories below, along with a few examples of what they can include (there are many more!):

Core supplier management enablement components

  • Supplier portal and complex registrations
  • Document capture and repository
  • Global support for supplier information gathering at an atomic level

Spend, supplier and risk analytics and reporting

  • Data acquisition
  • Data cleansing and classification
  • Geospatial mapping and reporting of suppliers

Bill of material (BOM)-level reporting and visibility

  • BOM part/SKU extraction and mapping
  • Multi-tier mapping and visualization of relationships and dependencies

Supplier risk intelligence feeds

  • Supplier financial risk intelligence
  • News feeds
  • Global disaster intelligence

Commodity management enablement

  • Commodity price benchmarking
  • Commodity analytics
  • Document management

Supply chain (re-)design and optimization

  • “What if” scenario planning
  • Supply chain modelling to minimize impact of area-based geographic disruptions

As Spend Matters analysts Busch, Mitchell and Lamoureux put it, “organizations … tend to marginalize [supply risk management’s] importance at the executive and board level until after a major risk incident occurs.” But you know better, of course. This is an area requiring constant attention and innovation.

For that reason we encourage you to read our latest free report, Spend Matters Landscape Definition and Overview: Supply Risk Management and Compliance. The report walks you through the evolution and current state of supply risk management and explains how to build a tech-centric foundation to tackle supply risk before your company’s name ends up in an unwanted news headline. The report also gives an introduction to the provider landscape, broken down by area of expertise such as commodity management, spend analytics and supply chain planning.

Share on Procurious

Discuss this:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.