What are Risk Management solutions?
In today’s volatile business environment, the importance of risk management in procurement and supply chain management cannot be overstated.
From the chip shortage impacting entire industries to geopolitical tensions disrupting trade flows and the effects of the Covid pandemic, recent years have highlighted the ever-present vulnerability of global supply chains. The environment in which companies operate has reached levels of VUCA (Volatility, Uncertainty, Complexity and Ambiguity) that have not been witnessed for many decades and will not disappear in the near future, as highlighted by the World Economic Forum’s Global Risks Report for 2024, which paints a sobering picture of the global outlook.
Surveying nearly 1,500 experts, the WEF report forewarns of increasingly turbulent conditions over the next decade, with geopolitical challenges and multi-year inflationary pressures emerging as critical headwinds. Against this backdrop of uncertainty, the imperative for robust risk management practices in procurement and supply chain operations becomes more pronounced than ever.
Deloitte’s Global Chief Procurement Officer Survey underscores the intensifying procurement-related risks and disruptions, with a significant increase in CPOs citing overall procurement risk as a top focus. However, despite this heightened awareness, many organizations struggle to translate risk awareness into effective mitigation strategies. Deloitte’s research also shows that less than one-third of companies hold procurement accountable for supply risk management. Fragmented approaches with limited resources and sub-optimal tools leave organizations vulnerable.
In the face of these challenges, executives increasingly recognize the need for a comprehensive approach to risk management. This involves addressing immediate risks and building resilience and agility in supply chain operations. However, this journey towards supply-side resiliency is fraught with organizational and technical hurdles, with many organizations grappling with limited resources and sub-optimal tools.
To support the above, organizations can leverage technology. However, there are many solutions to manage risk (in its broadest definition) in the context of procurement and supply chain. These solutions do not necessarily have the same focus and capabilities. There are different high-level segments, and even within a segment, the coverage varies from one provider to the other. So, we have written this guide to help readers understand this complex environment.
How Risk Management solutions factor into the S2P process
Unforeseen risks lurk around every corner – from rogue spending to supplier disruptions. Because of this, risk solutions play a pivotal role in enhancing the source-to-pay (S2P) process by providing organizations with the necessary tools and insights to identify, assess and mitigate various upstream risks. These solutions also ensure that risk is accounted for at every step of the S2P process.
Risk-aware S2P is required because of the increasing complexity of global supply chains and stringency of compliance requirements.
So, within the S2P process, risk management is not a standalone activity. Rather, it is interwoven throughout various stages. From supplier onboarding to contract management and monitoring, risk solutions facilitate a continuous evaluation of risks and the management of incidents.
Why Risk Management solutions are important
Managing procurement and supply-chain related risks can deliver substantial value. Grasping the depth and breadth of what risk management entails, however, is complex and can incur costs (especially manpower) that technology can alleviate.
The first element is the amount of effort an organization would have to put into data management, specifically collecting, maintaining and using data and turning it into action (actionable intelligence with preventive/predictive/prescriptive analytics). This point is even more acute here because the data you have to consider covers the entire supply/value chain. So, we have a multiplier effect that creates quite a challenge:
‘Amount of data points per element of chain’ x ‘number of elements in the whole chain (not just tier 1)’ = huge effort and manpower
But technology can help organizations tackle that challenge, and this is where its added value resides.
The key reasons why Risk solutions are important for modern procurement practices are:
- Efficiency:
  - Risk technology reduces the effort, energy and resources needed to collect and analyze data from multiple sources that are in scope (internal stakeholders, suppliers, third parties, institutions, etc.). Also, solutions do not stop at a one-time collection. They never sleep, meaning that they can update data records in real time, cleanse/harmonize data and provide a watch/notification mechanism to the relevant stakeholders.
  - Organizations that digitize data can also benefit from network effects because data can be mutualized and shared internally and externally.
- Effectiveness:
  - Risk solutions can make every process and every decision risk-aware. A key benefit of digitalization is the ability to connect processes together, breaking silos in data and process flows. Risk-related data must circulate from one process (like supplier information management) to another (like sourcing execution) in a closed-loop manner.
  - Risk technologies can be the foundation of a digital twin of an organization’s supply chain. With a digital model, organizations can analyze and compare various scenarios, ranging from responses to incidents at suppliers, on routes from suppliers, etc. to product/material-related design scenarios and learn from the simulations.
  - Digital solutions can power a digital knowledge management approach to allow easy access to information for everyone who needs it.
  - Digital knowledge management empowers users to find content and answers quickly.
  - Risk solutions can also help to capture, share and preserve valuable knowledge that might otherwise be lost when employees leave the organization. Also, digital knowledge can be updated instantly and made available to users.
How do I know my organization is ready for a Risk Management solution?
Some signs that it is time to step in with a risk solution might be:
- Recognition of gaps in current practices: If your organization recognizes gaps in its current risk management processes.
- Frequent and costly incidents: If your organization has been a victim of supply chain disruptions, fraud or compliance breaches with significant financial implications.
- Regulatory pressure: Increasing regulatory scrutiny demands robust risk management practices (and not only in traditionally heavily regulated industries).
- Need for structured risk framework: If your organization is looking for a structured approach to identify, assess and manage risks involving multiple stakeholders (e.g., procurement, legal, IT).
- Manual and siloed processes: Manual processes lead to inefficiencies and increased risk, and a risk solution can automate and streamline these operations while embedding risk in every activity.
- Lack of visibility: Limited visibility into supplier risk or compliance can expose your organization to unforeseen risks.
If any of the above describes your organization, it is time to begin looking for a risk solution.
Some factors to consider when beginning the journey are:
- Business needs: What are your goals and objectives for implementing a risk solution and what will be the scope (categories, geographies, etc.) of the implementation?
- Change management: Is your organization prepared to undergo changes in processes and workflows that a new risk solution would bring?
- Stakeholder buy-in: Do you have buy-in from key stakeholders like IT, finance and executive leadership?
- Budget: Do you have the budget allocated for implementing and maintaining a new risk solution?
- Integration: Can your existing systems (ERP, other procurement solutions, etc.) integrate with a new risk solution, or do you have the resources to manage integration?
- Process standardization: Is your current risk process adopted across the organization, or are there many variations?
- Data quality: Do you have accurate and complete data for effective risk assessment?
- Support: How will support for internal users and suppliers be done?
Common features of Risk Management technology
Digital solutions in risk management encompass a suite of enabling and supporting capabilities that facilitate comprehensive risk management. These capabilities provide essential frameworks for organizations to enhance their resilience against potential disruptions, making risk management a strategic priority rather than a reactive task.
At a high level, these capabilities can be divided into:
- Enabling and supporting capabilities
  - Risk data modeling (breadth, depth, granularity)
  - Best practices and guidance (as a service and in the application)
  - Analytics and AI for simulations and reporting
  - Orchestration (system integrations and collaboration)
- Risk governance
- Risk identification and sensing
- Risk analysis and evaluation
- Risk treatment and mitigation
- Risk monitoring
- Incident management
Enabling and supporting capabilities
Risk data modeling
At the core of an effective risk management framework is robust risk data modeling. This foundational capability organizes risk information into a structured risk register, enabling organizations to assess and quantify the potential costs of disruptions. A well-designed risk data model standardizes the collection and storage of vital data, ultimately supporting informed decision making across the supply chain.
Breadth — Multidimensional and dynamic (predictive) risk scoring
A sophisticated risk data model must capture a wide array of risk dimensions and deliver predictive scoring capabilities. As organizations expand their reach within the supply chain, the volume of data points to manage increases exponentially. Predictive risk scoring streamlines the identification of potential threats, allowing organizations to respond quickly and effectively without exhaustive manual assessments.
Depth — Supply chain transparency (multi-tier mapping)
In an increasingly interconnected world, supply chain transparency is critical. Multi-tier mapping capabilities provide organizations with insights beyond direct suppliers, enabling the identification of upstream risks that could signal emerging threats. By aggregating data from various internal and external sources, organizations gain a holistic view of vulnerabilities throughout their supply chain.
Granularity — Profiling and risk intelligence
Granular profiling of suppliers and third parties is crucial for effective risk management. Comprehensive supplier profiles incorporate key elements, such as financial health, operational performance and compliance records. This granularity allows organizations to develop accurate risk scores, enhancing their ability to prioritize and address the most pressing risks in their supply chain.
Supplier (and third party)
Deep supplier knowledge is critical for managing risk effectively. Advanced supplier information management systems provide organizations with detailed insights into supplier operations, enabling proactive identification of potential disruptions and fostering resilience throughout the supply chain.
Supply
Understanding supply dynamics is essential for risk mitigation. Digital capabilities must encompass visibility into the supply landscape, allowing for the identification of risks associated with specific components, materials and suppliers. This insight helps organizations manage dependencies and develop robust risk mitigation strategies.
Category/market
Digital risk management capabilities should extend to category and market intelligence analysis. This enables organizations to identify and understand the unique risks associated with specific sectors, guiding where to concentrate risk management efforts and informing strategic procurement decisions.
Best practices, guidance and content
Effective risk management solutions integrate best practices, templates and regulatory guidance as part of their core functionality. By offering context and direction, these resources empower users to adopt informed approaches in their risk management processes, ultimately enhancing operational resilience.
Analytics and AI
The role of analytics and AI in risk management is transformative, offering advanced tools to analyze vast amounts of changing data. These technologies enable organizations to identify trends and detect patterns in risk sources, facilitating proactive risk mitigation strategies and real-time decision making.
Orchestration
Orchestration capabilities support seamless integration of risk management across different departments and technologies within an organization. By ensuring effective coordination among stakeholders, these capabilities foster comprehensive risk visibility and agile incident response.
Integration
Robust integration capabilities are essential for pulling data from various internal systems, such as ERP and financial platforms, and external third-party data sources. This interconnectedness ensures organizations have access to a real-time, comprehensive view of risks affecting their supply chain.
Collaboration
Collaboration tools facilitate networking among suppliers and within organizations, enhancing communication and coordination in risk management efforts. Features like shared platforms and collaborative workflows improve risk visibility and promote collective problem-solving across the supply chain.
Risk governance
A well-defined risk governance framework establishes the processes and policies for identifying, assessing and managing risks throughout the supply chain. This framework ensures alignment with organizational strategies while fostering a culture of risk awareness and proactive decision making.
Risk identification and sensing
Risk identification capabilities utilize historical data and predictive analytics to surface current threats while detecting early warning signals for emerging risks. The integration of sensing technologies enhances organizational awareness and allows for proactive engagement with potential challenges.
Risk analysis and evaluation
Risk analysis and evaluation capabilities assess identified risks by examining their likelihood and potential impact. This process extends beyond immediate concerns, contextualizing risks within the broader landscape of the organization’s supply chain environment.
Risk treatment and mitigation
Digital capabilities must facilitate effective risk treatment and mitigation approaches, equipping organizations with the tools to develop and implement strategies tailored to the specific risks they face. This ensures that responses are not only immediate but also sustainable over the longer term.
Risk monitoring
Ongoing risk monitoring capabilities provide organizations with the tools to detect and respond to new risks as they emerge. By maintaining a vigilant watch over risk factors, organizations can make timely adjustments to their risk management strategies.
Incident management
Effective incident management processes ensure that organizations can quickly respond to and resolve disruptions. Digital solutions streamline communication and collaboration during incidents, minimizing their impact and enhancing overall supply chain resilience.
How technology supports Risk Management — Top 5 capabilities
These ‘Top 5’ critical digital capabilities stem from the Spend Matters TechMatch workbench — derived from a larger number of requirements scored in the SolutionMap solution benchmark.
The Top 5 capabilities are the highest-weighted critical capabilities that are central to the displayed solution market benchmark. They have been developed by Spend Matters’ team of analysts and refined by procurement users in tech-selection projects using our market-proven SolutionMap benchmarking dataset and associated TechMatch decision-making tool.
1. Supplier information management
The ability to manage (collect, enrich, validate) supplier-related information to make it a source of truth that informs other processes and solutions.
On average, vendors can be expected to have supplier profiles focused primarily on identity data, such as identifiers, locations, industry and category codes. These profiles are often extended with information on certifications, financials and sustainability. Customers can extend the data model to create more fields in profiles. The information can be entered, enriched and verified in multiple ways:
- By users at the time of the creation
- By suppliers during the registration or self-registration process
- By connected third-party sources
- By using proprietary or external datasets
Top performers differentiate themselves through breadth and depth. They can collect and verify more information by being connected to a large number of third-party sources, e.g., governmental institutions. Their search function is also more powerful and can be based on profile content, metadata extracted from documents and sentiment analysis. They enhance registration, self-registration and profile management by using a network and connected sources to prefill certain fields and push updates to all parties on the network and by having a richer workflow engine to manage approvals and alerts efficiently and effectively.
Some vendors support multi-tier supply chain mapping, check suppliers against multiple country-based blacklists and even verify ownership of bank accounts in many countries. These capabilities offer accurate, up-to-date supplier information for buyers and make the registration process seamless and low-effort for suppliers.
2. Risk modeling (breadth)
The capacity to model supplier risks, such as risk types and scoring, and apply them to suppliers.
The average provider enables customers to assess risk across multiple dimensions using a multi-level risk taxonomy that mixes operational and compliance risks. KPIs are calculated based on internal and external data. Typical dimensions are financial, fraud, ESG, cybersecurity, reputation and human rights.
Top performing providers have more depth and granularity in the elements they allow customers to track and more configuration options for risk modeling (elements and scoring). Some providers have capabilities to identify and manage risks beyond tier-1 suppliers and handle environmental impacts beyond carbon, e.g., all GHGs, water and deforestation.
3. Risk monitoring
The capacity to monitor and track various dimensions of risks over time.
Providers cover multiple risk dimensions: human rights, cyber, etc. For each, they rely on a mix of quantitative or qualitative information to score potential risks. Information is also populated by leveraging third-party data sources. Risk scoring can be based on a proprietary or customer-configured algorithm. Solutions include an alert mechanism that sends notifications and sometimes recommendations for actions.
4. Risk mitigation
The capacity to enable users to address and reduce risks.
Providers enable users to prioritize risks based on potential likelihood and impact of a risk. Users can create mitigation actions and plans to address exposure. As part of this, solutions support internal and external collaboration.
Top performing vendors can provide deep insights on the potential consequences of a risk. They also guide users in the creation of the most appropriate mitigation actions by leveraging situational analysis and playbooks.
5. Risk modeling (depth)
The capacity to assess risk deep inside a company’s supply chain.
Providers are able to surface risks at tier-n suppliers by, first, being able to map a company’s supply chain through various mechanisms and, second, by sensing risks at every tier. Some providers can also map all participants to a supply chain, not just manufacturing suppliers, like logistics centers, ports, etc.
Why selecting Risk Management technology can be difficult
Selecting any technology product can be difficult for a variety of reasons. Below, we highlight some of the most important factors to consider when starting this journey:
- Market characteristics:
  - The risk technology sector is large, complex and fragmented, with a diverse range of vendors sometimes specializing in specific areas. This multitude of options can be overwhelming for procurement organizations looking to find the best fit for their specific needs.
  - New features and functionalities are constantly emerging. Keeping pace with the evolving landscape and selecting a solution that can scale with future needs requires ongoing research and evaluation.
  - There is an overlap between the different segments and even an overlap and synergies between procurement (external partners) and enterprise-level risk management.
- Interoperability:
  - Risk is at the crossroads of many other S2P activities, such as supplier management, contract management and ordering, that all rely on it at some point. In addition, risk depends on other processes like supplier management as the efficient and effective selection of suppliers and awarding requires data beyond price (performance, risk, etc.).
- Configuration management: Despite the fact that risk processes are well known and established, there are multiple variations, even within an organization. Therefore, configuring a solution to fit specific requirements is often an important activity. Also, not all solutions have the same degree of configurability or the same approach to configuration management (self-service by customers, via support tickets, etc.).
How Spend Matters can help you select Risk Management technology
Spend Matters specializes in procurement technology diligence. In addition to projects and advisory, Spend Matters offers Insider, the only membership community and technology comparison and selection tool of its kind: access to Spend Matters SolutionMap vendor rankings dataset combined with independent, zero pay-to-play, brutally honest coverage of solution providers, market developments and trends affecting procurement, finance and supply chain.
We can help you find a solution that:
- Can be used to holistically manage suppliers, including supplier risk.
- Can be used for broader risk and/or compliance and/or ESG related to external partners and internal considerations (ERM and GRC).
- Cover specific risk areas with depth when an organization requires it or needs to enhance its current risk framework in specific domains.
- Can reveal, without requiring much effort, what a company’s supply chain looks like and what risks it entails.
- Can be used for risk governance (detect, assess, address) or for only risk detection.
- Can support incident management in a collaborative way.
Because of the different flavors of risk, the various landscapes (process and tools) and the various maturity levels that exist, Spend Matters offers different approaches to selecting technology addressing risk. The chart below illustrates them and provides guidance in selecting the proper content and module:
Discover Risk vendors
These are the vendors we are covering today (or very soon). Visit their vendor directory pages on Spend Matters for a quick vendor overview, demographic information and relevant articles, including vendor analyses.
Suites and supplier management solutions with deep risk capabilities:
Vendor | Description |
---|---|
apexanalytix | apexanalytix provides recovery audit services and also offers solutions for supplier management, with a focus on supplier information management, Risk/ESG and compliance (including deep capabilities for data enrichment and verification) leveraging its network of companies and database of golden records. |
Bedrock | Bedrock specializes in supplier onboarding, banking and risk verification and master data management to ensure that supplier records are accurate. It integrates with ERPs and P2P systems, enabling efficient onboarding and management of suppliers while enhancing data accuracy and reducing manual efforts. |
Brooklyn Solutions | Brooklyn Solutions automates and optimizes supplier management, empowering users to extract maximum value from their contracts and commercial relationships. The platform focuses on contract management, performance optimization and risk mitigation. |
Certa | Certa is a third-party lifecycle management platform that enables customers to manage the entire lifecycle of third parties including TPRM (including KYC/AML), Central Intake, CLM and ESG. Its vendor lifecycle includes vendor onboarding, risk management, monitoring and vendor base knowledge management. |
Contify | Contify aggregates information from a large number of sources including online news, company websites, social media and customer-supplied internal sources. Then, its AI — with the help of human curation — processes the inbound news to filter out the noise. Customers can receive the results in different formats to ensure they arrive where and when they are needed and can be acted upon. |
Coupa | Coupa is a leading S2P platform that offers a user-friendly interface and opportunity detection based on its large user community. Coupa provides strong and broad supplier management solutions. |
Craft | Craft serves as a supplier intelligence layer, pulling data from over 70 partners and the broader web to provide its clients with easy-to-use, up-to-date supplier information. It has a deep understanding of supplier risk financially, socially and geographically and offers in-depth supplier profiles that include everything from credit scores to warehouse locations. It can enrich and update supplier information without requiring anyone to enter data. |
ebidtopay | ebidtopay follows a single-source-code approach with many configuration and customization options without the need for coding changes. It supports holistic supplier management for all categories, including direct materials. |
GEP | GEP is more than a technology provider. It offers a full range of services, including market/category intelligence, supplier management services and BPO. Its natively integrated suite provides supplier management capabilities with a focus on supplier lifecycle and data management — including master data management integration. |
Graphite Connect | The solution is a platform where suppliers can manage their profiles, like individuals on LinkedIn or other social networks, and serves as a central platform for companies to share information publicly and privately. |
Ivalua | Ivalua offers a natively integrated, intuitive and very flexible suite. It has capabilities for all types of spend, including direct materials. Ivalua enables organizations to streamline and enhance holistic supplier management (supplier onboarding, performance tracking, risk and sustainability assessments) through cross-functional collaboration and cross-process fertilization and integration. |
Jaggaer | Jaggaer One is an S2P suite that grew through several acquisitions to cover all spend. From a supplier management standpoint, it covers the whole supplier lifecycle, including direct-materials-related capabilities like granular qualifications and supply quality management. |
Kodiak Hub | Kodiak Hub offers modular solutions for capturing supplier data, managing contracts, assessing compliance, evaluating performance and driving innovation. Users benefit from automated data management, robust analytics and seamless integration with existing business systems. |
LUPR | LUPR is a supplier management solution built on the Salesforce platform, designed to help procurement organizations manage their suppliers effectively. It offers a 360-degree, real-time collaboration tool aimed at enhancing supplier relationship management by enabling users to extract, analyze and manage data on suppliers, oversee activity pipelines and track performance and risks. |
MeRLIN | MeRLIN is an S2P suite provider launched in 2021 that supports direct and indirect spend for mid-market companies in the manufacturing and public sectors. Its supplier management solution has a focus on supporting sourcing and provides onboarding, SIM and performance. |
Procurence | Procurence provides a supplier management platform with a focus on supplier qualification and performance monitoring for direct materials. Its deep solution is particularly well-suited for customers that have deep and complex requirements for SPM/SQM. It also offers rich collaboration features that reflect the nature of direct material procurement activities. |
QAD | QAD provides supplier management solutions, with a focus on direct supplier management and compliance checks. It offers tracking of quality, inspections and engineering capabilities for enhanced supplier relationship management and risk mitigation strategies. |
SAP Ariba | SAP Ariba is a leading S2P suites platform known for its comprehensive capabilities in multiple verticals and for all spend. It supports the management of the whole supplier lifecycle and customers benefit from its vast supplier network. |
SupplHi | SupplHi provides industrial organizations with full-service supplier management solutions, focusing on CAPEX and MRO spend. It offers comprehensive vendor management, compliance checks and AVL creation, with a focus on deep compliance, sustainability and risk management for improved supplier relationships. |
Trust Your Supplier | Trust Your Supplier has a focus on data verification and compliance. It provides a platform for managing supplier information and ensuring compliance with regulatory requirements for better supplier relationship management. |
Best-of-breed TPRM, SCRM and others
Vendor | Description |
---|---|
Achilles | Achilles helps organizations manage supply chain risk and sustainability by providing assessments and ratings. It manages a global supplier database (pre-qualification and verification of data relating to financial risk) and creates collaborative industry communities for risk management and verified supplier data sharing. |
Altana | Altana delivers visibility and insights that are only possible through its unique federated learning architecture, creating a global network of supply chain intelligence across the public and private sectors. Customers can understand, verify and document their value chain connections through the platform to establish a source of truth. |
Aravo | Aravo is a third-party management application that allows customers to have a single inventory of all their third-party relationships, their firmographic data and their risk profiles. |
Archer | Archer is an ERM solution that acts as a centralized hub for an organization’s holistic risk management programs, enabling teams to systematically identify, assess and monitor risks across the entire enterprise and the third parties it uses. |
Assent | Assent is a solution that helps manufacturers manage sustainability in their supply chain. It includes solutions for product compliance and SCRM. |
AuditComply | AuditComply has an all-in-one platform for risk, compliance and quality management that customers in food & beverage, manufacturing, automotive, retail and technology leverage to ensure compliance and resilience. |
Authenticate | Authenticate’s SCRM solution provides its customers with the technology to map finished and raw products back to the source. It also monitors suppliers to ensure compliance and measure ESG risks. |
Avetta | Avetta’s platform, Avetta One, gives insight and assurance around the wide range of risks that can be imported into a business when engaging with third parties via, for example, health and safety, sustainability and environmental and fiscal risk. Avetta provides a high degree of assurance, ensuring compliance with legislation, best practices and client-specific needs. |
axiscope | axiscope DSP allows customers to manage and track supplier compliance within a regulatory and quality scope, check which certifications suppliers have and manage risk. |
Beroe Inc. | Beroe has over 400 category-focused analysts in its research hubs across the US, Europe, India, South Africa, China and Argentina in addition to 1,800 other experts that contribute to building intelligence for customers that is delivered via its application (Beroe LiVE.Ai) and services. About 2,000 spend categories are covered in the solution that provides deep insights and benchmarking on these categories. |
BitSight | BitSight provides a cybersecurity rating for organizations. By continuously collecting and analyzing vast amounts of data, BitSight generates a numerical rating that reflects an organization’s security posture. |
Circulor | Circulor offers a software solution that enables its customers to track the flow of goods through supply chains to demonstrate responsible sourcing, prove ESG performance and support climate neutrality objectives. The solution tags and tracks the commodity itself and records the processes it undergoes and the chain of custody on its way to becoming a finished product. Customers have a digital twin that provides far higher confidence than simply tracking related transactions. Such an approach is especially beneficial for rare earth materials as well as plastic, leather and palm oil. |
Counter Forced Labor Technologies | Counter Forced Labor Technologies focuses on forced labor in supply chains. It uses AI-powered, data-driven technology products to manage all aspects of supply chain risk. It also has a proprietary Global Rizk Assessment Technology (GRAT) for companies that want to demonstrate compliance with regulations and ESG standards and to identify and mitigate forced labor, slave labor and human trafficking in their supply chains. |
Diginex | Diginex’s products help organizations to address ESG, climate and sustainability issues, using blockchain technology to lead change and increase transparency. Its products cover ESG reporting and supply chain due diligence. |
Diligent | Diligent is a GRC solution, meaning that it covers internal and external aspects related to risk and compliance. It provides tools and platforms to help organizations manage board meetings, secure sensitive information, streamline their overall governance processes and manage third-party risks. |
Dow Jones | Dow Jones is a global provider of news, data and analytics for the financial industry. It is best known for the Dow Jones Industrial Average (DJIA), a stock market index, but it also offers a wide range of products and services including financial news, data feeds, risk management tools and market analysis. |
Dun & Bradstreet | Dun & Bradstreet is a global business information and credit risk management company. It provides data, analytics and insights on businesses to help other organizations make informed decisions. Its services are used for various purposes, including sales and marketing, risk assessment and financial analysis. |
EcoVadis | EcoVadis offers sustainability solutions for companies of all sizes and industries globally. Its platform helps manage ESG risks and compliance in supply chains, assists in meeting corporate sustainability goals and drives impact by improving sustainability performance. With over 2 million companies screened, EcoVadis provides services like risk scanning, due diligence, decarbonization support and tools for creating sustainable value and impact. |
Everstream Analytics | Everstream Analytics is an SCRM solution that resulted from the merger between Resilience360 (DHL) and Riskpulse. It has 10 years of historical data (logistics data) and purchases trade data from various sources with information on destination/origin and buyer/seller that it uses to reveal a customer’s supply chain. Also, it processes a large number of data sources to constantly monitor companies. Everstream includes weather-based risk monitoring and is supply-focused. |
Exiger | Exiger is an SCRM solution that covers supply chain transparency and multi-dimensional risk scoring at the entity level (customers, partners, n-tier suppliers and third parties) and at ‘supply’ level (hardware and software). It relies on a wealth of data that its AI (NLP) processes to surface information on entity relationships, key facts, key events and key risks in those entities. |
Exostar | Exostar is an SCRM solution that focuses on highly regulated industries, where trust in the access, integrity, sharing and security of information is critical. It helps address the NIST SP 800-171 and CMMC flow-down requirements included in the updated DFARS regulations to track and measure its own vulnerability and compliance status as well as the postures of its partners and suppliers. It has a community of pre-vetted suppliers. |
FRDM | FRDM provides a supply chain transparency solution that is affordable and enables customers to quickly understand beyond tier 1 who their suppliers are to identify risks or gaps and address them. FRDM algorithmically generates multiple risk views around human rights and the environment for each supplier which are based on the country of the supplier, the industry of the supplier and the supplier itself. |
Fusion Risk Management | Fusion Risk Management is an ERM provider that covers business continuity, disaster recovery and crisis management. It includes TPRM in its scope. |
Global Risk Management Solutions (GRMS) | GRMS is a supplier (suppliers, contractors and service providers) risk management provider focused on delivering real-time risk data and insights to help organizations manage their supply chains more effectively. GRMS’ services include the adjudication of data, physical review of documents and a support system that assists suppliers to get into compliance with their client’s risk assessment requirements. With its platform, Veritas, customers can monitor many risk components and are alerted to any changes in risk ratings. |
GoSupply | GoSupply is an SCRM solution that has capabilities focused on prequalification and advanced risk monitoring for suppliers and third parties. Customers can configure questionnaires, scores, alerts, risk factors, weights and scoring. |
Halo Ai | Halo Ai was founded to assist organizations with their TPRM problems by consolidating supplier data into one platform, gathering supplier information automatically and assessing risk for suppliers automatically. Specifically, Halo Ai aims to become a one-stop-shop for its customers that covers all kinds of third-party risk management. Currently, as a new product that launched in 2023, it covers risks associated with financials, cyber, geopolitics, compliance, sanctions, diversity and customer sentiment. |
IntegrityNext | IntegrityNext is a sustainability platform for monitoring multi-tier ESG data that integrates into other procurement solutions. It combines shared supplier assessments and social media monitoring. It allows an organization to get immediate insights on any supplier already in the platform. Pre-built questionnaires cover environmental protection, human rights & labor, health & safety, diversity, anti-bribery & anti-corruption, supply chain responsibility, data protection, cyber security, quality management, financial information, blacklist & sanctions, conflict minerals, REACH, RoHS and many more ESG elements. |
Interos | Interos is an AI-first SCM solution provider that delivers supply chain transparency and risk scoring/monitoring. It has developed its own risk model and scoring with the purpose of becoming a standard (like D&B ratings for financials or EcoVadis scores for ESG). |
iPoint | iPoint’s solution helps customers collect, analyze and report all necessary data to manage compliance, risk and sustainability of their products and supply chain. |
Kharon | Kharon is a global risk analytics platform that helps organizations identify and manage a wide range of sanctions and compliance risks. Its services are used for managing financial crimes, supply chain exposure, export controls and investment risk. |
Kroll | Kroll is a global provider of risk and financial advisory solutions and services. It helps customers address regulatory and reputational risks associated with ethics and compliance obligations. It includes a TPRM offering that focuses on reputation, ESG, cyber and financial risks by screening partners against sanctions, government watch lists, social media and other sources. |
LexisNexis | LexisNexis is a global data and analytics company that provides information and insights to help businesses and individuals make informed decisions. It offers a wide range of products and services, including risk management with fraud prevention and compliance. |
LogicGate | LogicGate is a GRC provider that helps organizations manage their risks, ensure compliance with regulations and improve overall governance. |
LogicManager | LogicManager is an ERM provider. It offers a cloud-based platform designed to help organizations identify, assess and manage their risks effectively. Its solution also includes features for governance and compliance management. The TPRM module covers third-party onboarding/offboarding, risk assessments, due diligence and performance tracking. |
MetricStream | MetricStream covers GRC and Integrated Risk Management (IRM). It has a platform that helps organizations manage and mitigate risks effectively while also ensuring compliance with regulations. It covers TPRM as well as SCRM, which aggregates and maps supplier and sub-supplier data for comprehensive transparency and assessment. |
Mitratech | Mitratech is a global technology company specializing in providing software solutions for corporate legal departments, risk and compliance teams and HR professionals. It covers GRC and TPRM. |
Moody’s | Moody’s is a leading provider of credit ratings, research and data for the global capital markets. It assesses the creditworthiness of companies, governments and securities, helping investors make informed decisions. It acquired BvD to expand its data and analytics offerings beyond credit ratings. BvD brought a vast database of company information, particularly on private companies. |
NAVEX | NAVEX is a provider of GRC solutions. It offers a comprehensive platform to help organizations manage and mitigate risks, ensure compliance with regulations and foster a strong ethical culture. It covers TPRM by screening and monitoring third-party risks. |
OneTrust | OneTrust is a company that helps organizations manage and mitigate risks related to privacy, security, governance and compliance. It focuses on the secure handling of company data but has extended its coverage to TPRM from initial intake to risk assessment, mitigation, ongoing monitoring and reporting. |
Owlin | Owlin focuses on reputational risks by screening news to identify negative news or rising complaints about a third party. |
Prevalent | Prevalent is a TPRM platform that offers solutions for both IT vendor risk management and broader supplier risk management. |
Prewave | Prewave, an SCRM solution headquartered in Vienna, Austria, is a next-generation risk intelligence platform that analyzes social media, news media and third-party data feeds with advanced machine learning technology to extract numerous categories of events indicating potential risks and then predict the likelihood of impact on a supplier and a supply chain that relies on that supplier. |
ProcessUnity | The provider offers a suite of risk management software solutions but focuses primarily on third-party and cybersecurity risk. Its customers are typically from highly regulated industries and range from mid-market organizations to Fortune 50 companies. |
RapidRatings | RapidRatings is a provider of financial health analytics. It specializes in assessing the financial stability of companies, providing insights to help organizations manage their business partners and mitigate financial risks. |
Resilinc | Resilinc brings granular and deep visibility into supply networks and constantly monitors and assesses risks associated with the many partners in a company’s supply chain. Customers can map their entire supply chain down to the site, product and part level to gain visibility to act quickly when disruption strikes. |
Risk Ledger | Risk Ledger is a collaborative platform for supplier due diligence that focuses on supply chain security and risk management. It helps organizations identify, assess and mitigate risks associated with their suppliers and vendors. |
RiskRecon | RiskRecon is a specialized platform that focuses on third-party cyber risk management. It helps organizations assess and manage the cybersecurity risks posed by their vendors and suppliers. |
SAI360 | SAI360 is a GRC provider. It offers a cloud-based platform designed to help organizations effectively manage and mitigate risks across various areas of their business and third parties. |
smartKYC | smartKYC offers a suite of AI-powered software solutions to automate third-party risk screening and monitoring. Multiple identifying attributes are used to ensure the right identity is being profiled, even in media sources. All sources are robotically analyzed, with semantic precision and in their native language, to support regulatory compliance and manage reputational risk. |
SourceDay | SourceDay has enhanced its PO-collaboration solution to cover risk management. Powered by AI and ML, it mitigates vulnerabilities at critical points in the purchase order lifecycle. By providing real-time visibility and predictive risk assessment, SourceDay helps organizations anticipate and eliminate disruptions, improving on-time deliveries and reducing buffer stock levels. |
Sourcemap | Sourcemap enables multinationals to map their supply chains through a cascading process. The solution can automate the disclosure process and automatically send invitations all the way from tier 1 suppliers to the raw material. The solution also supports traceability, and it does so in a flexible way to make sure that all suppliers, even the smallest (like a farm), can upload data. |
Sphera | Sphera is a provider of ESG performance and risk management solutions. The platform offers a comprehensive suite of tools for managing operational risk, environmental health and safety, product stewardship and supply chain risk (ex-riskmethods). |
Supply Risk Solutions | Supply Risk Solutions (SRS) tracks geopolitical risk, natural disaster risk and financial risk. It handles all supplier communication on behalf of the client and offers a variety of other managed services. It has a network approach in the sense that its main value proposition is to increase network resilience by giving manufacturers a blended mix of technology and services to increase the resilience of their critical suppliers through peer-defined and industry-specific assessments and guidance. |
Supply Wisdom | Supply Wisdom is a TPRM solution that delivers real-time, comprehensive risk intelligence on third parties. It leverages automation and data science to provide rapid, in-depth assessments across financial, operational, compliance, ESG, cyber and location-based risk domains. |
SupplyShift | SupplyShift is a supply chain visibility provider. The cloud-based solution helps buying organizations from multiple industries trace their supply chains and collect information from all tiers. It enables this via a cascading survey approach in which suppliers can send specific questions ‘down the chain’ to other suppliers. |
sustainabill | sustainabill enhances supply chain sustainability. It empowers procurement and CSR teams to create transparency within their supply chains and implement sustainability and due diligence requirements. The platform offers tools for data collection, risk assessment and performance monitoring. |
Venminder | Venminder is a TPRM platform. It offers features such as onboarding and offboarding, questionnaire management, risk assessment and workflow automation. |
Whistic | Whistic is a vendor security network platform that streamlines the vendor assessment process. It allows InfoSec teams to easily assess vendors and confidently share security posture from an all-in-one, AI-powered platform. |
Wholechain | Wholechain is a blockchain-based supply chain transparency and event-based traceability platform that aims to provide transparency to end customers. Customers invite their tier-1 suppliers to the platform; those tier-1 suppliers can then declare their own suppliers, which, in turn, can join. Data is logged by various stakeholders (including suppliers and logistics providers) at various stages or events (during manufacturing but also shipping). Users therefore have a complete view of what happened in their downstream supply chain, and they can enrich that data with sources to create mash-ups and address needs beyond traceability. |
WNS Procurement, Powered by The Smart Cube | The Smart Cube started as a research and analytics specialist. Its historical positioning as a provider of market intelligence is evolving to cover new areas: commodity intelligence and supplier risk. It uses a blended mix of machine and human intelligence to deliver insights in its solution as part of the standard products, as part of customer-specific configurations and as ‘offline’ deliverables like reports and analysis that are produced as part of white-glove services and engagements. It covers 8,000+ commodity price data series across regions and countries. |
Worldfavor | Worldfavor is a sustainability platform that businesses use to measure, manage and improve their ESG performance. By providing access to a vast database of sustainability data, the platform enables companies to assess their supply chain, track progress towards sustainability goals and comply with evolving regulations. |
Z2Data | Z2Data is an SCRM solution that leverages a vast component and part database and advanced analytics to provide real-time insights into market availability, lead times, pricing and supply chain disruptions. |

Glossary

Term | Definition |
---|---|
CSR | Corporate Social Responsibility is a qualitative and self-regulating business model that aims to improve society and the environment. |
ESG | Environmental, Social and Governance focuses on reaching certain performance metrics, setting measurable goals and conducting audits. There are explicit standards surrounding ESG, and ESG performance now serves as a sustainability credit rating for companies and their investors. |
ERM | Enterprise Risk Management is a comprehensive approach to identifying, assessing and managing risks across all functions of an organization. It tackles everything from governance to compliance in a unified framework. |
GRC | GRC ensures that operations align with objectives, risks are managed effectively and compliance with laws and regulations is maintained. GRC focuses on three key areas: governance (G) to establish structures, processes and practices that guide the organization towards its goals; risk management (R) to identify, assess and mitigate risks that could hinder the organization’s ability to achieve its objectives; compliance (C) to ensure adherence to laws, regulations and internal policies. |
Incident | An incident is an actual event that has already happened and has caused or might cause harm or loss. Unlike risk, incidents are actual occurrences. They represent the materialization of a risk. |
PESTLE | Analysis of the key external factors (Political, Economic, Sociological, Technological, Legal and Environmental) that influence an organization. |
Risk | A risk is a potential future event that could cause harm or loss. It is essentially an uncertain situation with a possibility of negative consequences. It is a probabilistic concept, meaning it involves uncertainty and the possibility of various outcomes. |
Risk (inherent) | Inherent risk refers to the base level of risk associated with an activity or situation before any controls are implemented. It represents the natural risk level due to the nature of the business or the environment in which it operates. |
Risk (residual) | Residual risk is the level of risk that remains after the implementation of controls or mitigating actions. |
SCRM | Supply Chain Risk Management specifically focuses on identifying, evaluating and mitigating risks within the supply chain itself. This includes risks related to supplier reliability, geopolitical factors, natural disasters or changes in demand. It is concerned with ensuring that the entire supply chain network is resilient and capable of responding to challenges effectively. |
Supplier risk management | Supplier risk management specifically focuses on assessing and mitigating risks associated with external suppliers throughout the procurement lifecycle. It involves evaluating factors, such as financial stability, quality assurance, geopolitical risks and compliance with regulations to ensure a reliable and resilient supply chain. Essentially, it is about ensuring that organizations work with trustworthy and responsible suppliers to minimize potential disruptions. |
Supply risk management | Supply risk management deals with identifying and mitigating risks that could disrupt the flow of goods or services within the supply chain. This encompasses various factors, such as demand variability, supplier reliability, natural disasters, geopolitical instability and regulatory changes. The primary goals are to enhance the resilience of the supply chain and minimize the impact of disruptions on operations. |
TPRM | Third-party risk management encompasses both supplier risk management and the risks associated with any third-party vendors or partners, such as IT contractors, logistics partners or even customers. It is about ensuring that organizations have effective processes in place to identify and mitigate risks across their extended enterprise network. |