
Risk Management: Can You Keep a Secret?

07/02/2018 By

“The Secret” is a best-selling 2006 self-help book by Rhonda Byrne, based on the pseudoscientific law of attraction. Byrne’s book remains a massive bestseller (20 million copies sold in 50 languages). It speaks to the power of visualization in achieving one’s goals in life, using a number of anecdotal examples as evidence.

Let me explain why this book recently became top of mind for me:

I recently wrapped up a project researching the risk management solution market. I’ve lost count of how many different product presentations I’ve seen over the past month. Just assume it was more than a dozen. Yes, I admit it, I ran the gantlet and have emerged a bit jaded. Such is the nature of the risk I took. (Sorry, couldn’t help myself.)

Across the spectrum of what truly has become a gold rush of risk management solutions, I was repeatedly asked much the same question by the vendors: “How can we best differentiate our market position? What’s the secret?”

Let me quickly distill what I’ve learned:

  • You can get real serious and attack supplier risk from a master supplier data management perspective (i.e., build custom apps on top of continuously refreshed data sources)
  • You can take deeper bites of the risk apple or take a broader approach and, most likely, find yourself running in place
  • If you’re not serious about it, you can take the check-the-box approach
  • If you can convince yourself that supplier risk can be managed in DIY software, then you have lots of options to consider
  • If you can’t convince yourself that technology alone is the answer, then there are emerging and customizable tech-enabled solutions that offer risk management-as-a-service (outsourced, expert human beings remain in the loop)

So, what’s the secret? If you’re the procurement audience for one of the aforementioned vendors, you owe it to yourself, if not them, to identify what your objectives are. Risk must be stratified using common sense. What do you actually need? What problem(s) are you trying to solve? What are the solutions worth to you? And of equal, if not greater, importance, who is going to do the actual, required work? These questions are not rhetorical.

Putting aside global geopolitical threats for a moment, what’s your motivation? Are you at supply risk or is it more like a supplier documentation compliance problem? While there are elements of each that clearly intersect here, let’s be real, they’re not the same thing. Could it be a purchased services value management problem that would be better addressed in a more modern contract management platform that integrates performance monitoring? Is your risk initiative being driven by brand managers or the social media police? For a mid-market company, what’s the business case supporting adverse media awareness? Or, do you manage a global network of direct material suppliers and know from experience that disruptions are inevitable and usually devastating to your business?

I could ask these kinds of questions all day long, but the point is, rather than sending out a blanket RFI, buyer organizations must settle on their problem-set, align and commit to the solution value(s) and decide who among them is going to do the actual work. And not necessarily in that order.

In other words, if not becoming that “guy” who selected a key failed supplier is the real department goal, then solve for it. For example, if the financial reporting data sources you have historically relied on haven’t cut it, then avoid the insanity and move on. The good news is, you now have options—several, in fact.

The risk management solution market has been painted with a broad, impractical brush that hasn’t served its buyers or sellers well. As a result, there is precious little of the alignment necessary to support a normal buy/sell process. And in fairness, while buying and selling the value of “avoidance” is tough, that few are doing either on the basis of a sound and specific financial business case makes life even tougher.

While it could be that I’m suffering from a recent dose of too much information (TMI), I can’t help but believe that moving incrementally to eventually cover a broader spectrum of risk may be a smarter approach. Whether buyer or seller, don’t boil the ocean. Talk about doing certain things extremely well, prove that you can, and then keep moving forward.

Regardless, from a buyer’s perspective, determining the value of meeting specifically identified objectives is no less essential than forcing ourselves to face certain realities. How does the would-be vendor solve the garbage in/garbage out problem? How frequently are the data and the underlying documents reverified? Who does this work on our side (i.e., are we going to dedicate staff or should we find a trusted partner to do some or all of the work on an outsourced basis)?

We live in volatile times. Risk cannot be managed on a reactionary ad hoc basis. And even if we just recently heard these things, we instantly know them to be correct. But knowing means what? “Does a tree make a sound when it falls in the forest?” By the way, the answer is “yes,” but that’s not the secret.