A Guide to Supply Risk Management and Compliance (Including Cyber Risks) in 2018

01/23/2018 By

The World Economic Forum recently released its 13th annual global risks report, predicting the biggest risks that global businesses are likely to face in 2018. Extreme weather events rank top both in terms of potential impact and likelihood. Other top risks included cyberattacks, data fraud and economic bubbles.

Meanwhile, Spend Matters has been working on updating our Supply Risk Management and Compliance Landscape Definition and Overview for 2018, highlighting the increasing need for investment in supply risk in the cyber and information security (INFOSEC) area.

Many procurement organizations deal with risk on a piece-part basis, but Spend Matters believes that this fragmented approach is the wrong one. A far better strategy, as our analysts Jason Busch, Pierre Mitchell and Michael Lamoureux argue, is a holistic one. That is, you want to have an overarching risk governance model backed by a procurement technology architecture.

Defining Supply Risk Management

Spend Matters analysts define the supply risk management market as consisting of multiple different yet overlapping solution areas. These are the following:

  • Standalone supplier and supply chain risk management, monitoring and optimization solutions
  • Supplier management solutions
  • Spend analytics solutions (inclusive of risk/financial data enrichment)
  • Risk information/content originators (e.g., supply market intelligence providers)
  • Governance, risk and compliance (GRC) vendors
  • Commodity management solutions
  • Supply chain planning, (re-)design and optimization

Next, the analysts sort the various technology components of supply risk management solutions into six distinct functional categories. Below are the six categories, along with a few examples of what they include:

1. Core supplier management enablement components

  • Onboarding templates and questionnaires that support specific initiatives, including embedded supplier workflows
  • Searches (and reporting) on content inside attached documents
  • Materials-level tracking and traceability

2. Spend, supplier and risk analytics and reporting

  • Procurement and supply chain recommendations based on risk impacts
  • Data cleansing and classification
  • Geospatial mapping and reporting

3. Bill of materials (BOM)-level reporting and visibility

  • BOM part/SKU extraction and mapping
  • Multi-tier mapping and visualization of relationships and dependencies

4. Supplier risk intelligence feeds

  • Social media feeds
  • Currency/FOREX data
  • Supplier financial risk intelligence

5. Commodity management enablement

  • Commodity price benchmarking and forecasting
  • Total cost visibility, including commodity components
  • Credit and counterparty risk management

6. Supply chain (re-)design and optimization

  • Integrated predictive analytics
  • Prescriptive analytics that suggest supply chain designs based on defined goals and constraints
  • Supply chain modeling to minimize impact of area-based geographical disruptions while minimizing costs

What’s Different About This 2018 Edition?

A good supply risk management strategy must support key business, compliance and regulatory requirements, as well as keep up with changes and trends. This is an area that requires regular attention and innovation, and for that reason we encourage you to check out the newest iteration of the Spend Matters Landscape Definition and Overview: Supply Risk Management and Compliance.

There are a few notable changes and updates from last year’s edition. As cybersecurity becomes an increasingly pressing issue for procurement organizations, Spend Matters analysts have updated the landscape report accordingly.

As they explained, “for 2018 in particular, we believe it is important to highlight the rising interest (and need) for investment in supply risk in cyber and information security (INFOSEC) as an area. A greater percentage of manufacturers are expected to suffer attacks in 2018, according to recent reports, and cybercriminals with knowledge and skill in hacking industrial control systems (ICS) pose a big risk ‘to everything from the manufacturing process and server farms to shipping and logistics companies and agricultural systems.’”

Our analysts also updated the lists of solution providers given in the report. These providers are segmented by specialty, such as spend analytics, commodity management, and supply chain planning and optimization.

For example, in the “risk information/content originator” category, which includes vendors that originate, aggregate, analyze or monitor different types of supply risk information, Spend Matters added CyberVadis, a solution developed by EcoVadis that focuses on cybersecurity. In the “supplier management” category of solutions, to cite another example, Spend Matters added LUPR, a new entrant in the supplier management technology market.

Supply risks — and the supply risk management technology market — are constantly evolving, so don’t miss the latest edition of this report, updated specifically for 2018. You can download and read the updated Spend Matters Landscape Definition and Overview: Supply Risk Management and Compliance for free.