Risk and Compliance - Premium Content

Oversight Systems — TCV acquisition, spend compliance intro and sector musings

On Wednesday, Oversight Systems announced that TCV, a private equity firm, had acquired a majority stake in the provider of spend compliance solutions from Luminate, the previous investor.

Oversight competes in the spend compliance market, a clever overlay that sits alongside — or on top of — source-to-pay process and data flows, primarily for indirect and expense-based spend. It augments the capabilities of spend management and T&E providers, although Coupa does have home-grown capabilities in this area as well.

Oversight largely grew under the radar in recent years, and it is not well known in the procurement and finance technology sector. But along with Appzen, Oversight has carved out a leadership position in this market (although there are material differences between the two providers).

While both providers are worthy of consideration for organizations looking to complement existing procure-to-pay and T&E investments, we’ll leave additional practitioner analysis to a PRO update in the months to come, and today will focus our Spend Matters Nexus coverage on explaining this market segment and how Oversight Systems slots into it. We’ll start with a back-of-the-napkin estimate on the transaction.

Related coverage:

CORONAVIRUS RESPONSE: Fraud, P2P and Vendor Management Safeguards — Protecting cash and rapidly vetting suppliers in a crisis 

Oversight Systems: Vendor Analysis (Part 1) — Background and Solution Overview

Oversight Systems: Vendor Analysis (Part 2) – Product Strengths and Weaknesses

Oversight Systems: Vendor Analysis (Part 3) — Competitive and Summary Analysis

Jason Busch is Managing Partner of Azul Partners’ Investor Advisory Group. He works with sponsors, CEOs and boards on data-driven due diligence, M&A and business strategy. Jason is also the lead author of Spend Matters Nexus, a private newsletter.

Making Sense of Supply Risk Management Solutions (Part 3) — A Look at 8 Supplier Management Providers [PRO]

“Supplier management,” often called “supplier lifecycle management,” is an area that procurement practitioners struggle with because of its complexity (as is the intersecting area of supply risk management that we’re covering in this series). Supplier management generally breaks out into two main areas:

  • Extracting value from supplier relationships. This includes supplier performance management (SPM), supplier relationship management (SRM), and supplier quality management (SQM)
  • Protecting that value through supplier risk management (and ancillary supplier compliance management) that we’re drilling into in this series

Note that supplier information management (SIM) is also part of supplier management and manages the core information that supports risk and reward from above — and the information/intelligence requirements for supplier risk management are immense. For more on this definitional stuff that practitioners will find useful as well, see our PRO article here, and from a technology market/provider standpoint, we analyze these supplier management solutions in our SolutionMap vendor rankings and benchmark database.

Part 1 of this Spend Matters PRO series gave an overview of the supply risk management solution market, the issues for enterprise risk and the types of solution providers available. Part 2 began our look at nearly 50 providers in this space by comparing four vendors in a key area — supply chain risk management (SCRM).

In this Part 3 of the series, we’ll examine a group of the top-performing supplier management providers, including both “suite” vendors competing in the source-to-pay (S2P) market as well as best-of-breed specialists. Both have a key role to play in the broader supply risk management market. This Spend Matters PRO analysis provides insight into this group of vendors, which we describe as supplier risk management providers. It is the third part of our series exploring the broader supply risk landscape (which goes beyond supplier risk).

This brief provides an overview of where and how providers like Allocation Network, APEX Analytix, Coupa, HICX, Ivalua, Jaggaer, Procurence and State of Flux “fit” alongside other types of vendors targeting supply risk management. It describes specific solution capabilities they offer and provides examples of common risk use cases.

This PRO analysis also includes a capabilities ratings matrix for supplier risk management of those eight providers, based on the latest SolutionMap dataset from 2020. The vendor ratings matrix compares 10 capabilities, including supply risk, enterprise risk, risk assessments, mitigation planning and regulatory compliance.

While these eight providers are not a substitute for supply chain risk management specialists such as Resilinc, riskmethods and Resilience360 (which we rated on 18 capabilities rather than 10), they provide deeper and essential functionality from a core supplier and entity-level management perspective.

Finally, we should note that while the top-performing providers mentioned above do not represent an exhaustive list of all supplier management providers with capability to support supplier risk management, it is a strong sample as a starting point for those exploring capabilities in this area. Each has something unique to offer — and opportunities to address.

Let’s dive in!

Making Sense of the Supply Risk Management Solution Landscape (Part 1) [PRO]

Enterprise risk has never been higher.

The COVID-19 crisis has been an accelerant to other enterprise risks, such as cyberthreats, employee health and safety, and most certainly, supply risks affecting suppliers in complex value chains. For procurement and supply professionals, managing this risk is challenging because they might not necessarily get the credit for reducing supply risk that they do for reducing supply costs (spend), but risk certainly impacts them and their ability to help the business accomplish its goals.

Herein lies the good, the bad and the ugly. Supply risk management is a two-headed beast:

  • The ability to manage and mitigate RISK within the SUPPLY MANAGEMENT function (i.e., source-to-pay and broader value chain), including within the supplier management process
  • The SUPPLY-side aspect of enterprise RISK MANAGEMENT where enterprise risk and compliance (including to CSR/ESG goals) requirements get extended out to supply chains and third parties (e.g., suppliers!).

The “good” is the ability to extend and integrate enterprise risk/compliance out and back to the external partners that are woven into your business. Supply risk management is intrinsically linked with enterprise risk management: supplier risk management processes are performed within the S2P process as part and parcel of the TPRM (third-party risk management) process, which sits within the top-level ERM (enterprise risk management) and GRC (governance, risk and compliance) processes. Or put another way, if you’re going to reduce enterprise risk, you need to extend your risk management processes outside the four walls to your trading partners — and make sure that your internal stakeholders are aligned in that effort for business continuity planning (BCP).

As such, the “bad/ugly” aspect of poor alignment is the inability to execute these aligned processes given the fragmented terminologies, methodologies, regulations, stakeholders and solution providers/markets vying to help solve these issues.

We can’t delve into all the organizational issues here — e.g., the philosophical/religious battle of whether ERM or GRC is the best top-level methodology; or where sustainability best slots in; or who should own TPRM organizationally (GRC? Procurement? Both?). Regardless, when you start “connecting” the dots across (and within) these domains, you’ll see the potential linkages that are needed — and how many are lacking. For example, very few procurement organizations have helped establish a “single face to the supplier” via a supplier portal that integrates these various risk areas in IT, GRC, legal, etc. (i.e., beyond just a basic procurement/AP registration portal with some basic risk functionality). It’s a technical challenge and an organizational challenge.

We see many of our practitioner advisory clients struggle with how to unify all of these stakeholders and systems — and also just getting the funding needed to do so. They also struggle with what types of providers are appropriate to consider beyond the traditional silos or “lanes.”

In this Spend Matters PRO series, we’ll present a framework for supply risk management that not only is segmented to meet the objectives of supply-side professionals, but also integrates into the higher-level enterprise risk/GRC areas — and simultaneously reflects the current state of solution/services providers. This mega mashup market is messy because there’s a lot of provider overlap and also because of changing dynamics between SaaS solution areas — and because of changing provider market dynamics around content aggregation, analytics-derived intelligence (which is increasingly based on large communities of users and purpose-built machine learning algorithms), risk scoring methodologies and other areas.

Part 2 looks at four of the nearly 50 vendors that we'll introduce in this space.

Part 3 looks at eight supplier management providers.

CORONAVIRUS RESPONSE: Fraud, P2P and Vendor Management Safeguards — Protecting cash and rapidly vetting suppliers in a crisis [PRO]

In this installment of our “Coronavirus Response” series, Spend Matters will explore fraud, P2P and vendor management safeguards. With the COVID-19 crisis creating new fires for procurement to put out and critical supply risks arising to address, fraud is an unfortunate reality that businesses need to remain on guard against — especially in times where bad actors mobilize to take advantage of distracted and newly remote operations. This PRO brief will focus on the first three solution providers that we’ll profile in this category: AppZen, ConnXus and APEX Analytix.

The mission of this series is to examine categories of relevant solutions and example providers that professionals in procurement, finance and supply chain organizations should investigate to reduce, and even mitigate, coronavirus supply risk. And even if the solutions are only addressing a subset of the issues, the ability to respond intelligently in the short term can also help set organizations up for the future when sanity returns to the world.

Today’s brief focuses on the fifth of the seven solution categories that we’re covering:

1. Supply risk management solutions that include supply chain risk, CSR risk, supplier financial risk, etc.
2. Sourcing and commodity management, including advanced sourcing, direct sourcing, automated supplier discovery, and commodity management to help dynamically plan and source. (See this category’s recommended solutions for direct sourcing here.)
3. Advanced procurement analytics to enable direct procurement and/or to perform “spend planning” when demand drops out or spikes. (Its profile for this series is here.)
4. Procure to Pay (P2P) that emphasizes working capital, dynamic discounting, payment control and related finance priorities to help inject cash into the P2P process — especially for many cash-starved suppliers. (This category is discussed in-depth here.)
5. Fraud, P2P and vendor management safeguards when new suppliers need to be set up quickly, and also when lowlife fraudsters try to use the pandemic as a way to steal money and IP.
6. Providers with deep contract analytics that can analyze a contract portfolio for affected contracts from suppliers (and customers) for not just force majeure clauses, but other related clauses that tie to the multiple risks popping up at once in the pandemic.
7. Contingent Workforce and Services solutions that are able to, at a minimum, help rapidly ramp up on-demand workers to deal with massive resource shortfalls. We are looking at four categories of solutions for sourcing remote/online work; solutions for sourcing and managing contract workers at geo-specific capabilities; solutions to “direct source” and manage contract workers; solutions for data management and analytics. (The first PRO brief from this category, about sourcing remote/online work, can be read here.)

Owing to the magnitude of the crisis, Spend Matters recently made the series introduction available for free to all readers. PRO subscribers can see our follow-up pieces that profile the other categories and their solutions in that market. We will include a lot of information on each category PRO brief that readers can see without hitting a paywall, but since we also draw heavily from our existing deep-dive analysis of the providers from our SolutionMap database, some information will be available only to our PRO subscribers.

For fraud and vendor safeguards, the immediate need for companies in all sectors will include proactively detecting fraudulent behavior from all possible sources, whether it’s employees abusing normal corporate channels (e.g., stocking their own homes with toilet paper on the company dime) or cybercriminals posing as suppliers to reroute payments into personal bank accounts. At the same time, manufacturers may need to identify new sources of supply, leading them to rapidly onboard new suppliers. Yet without proper safeguards in place, a frantic selection could lead to longer-term problems, should the supplier have past issues with regulatory compliance or run an unsustainable operation.

The initial three solutions — from AppZen, ConnXus and APEX Analytix — all have capabilities in proactive fraud detection or supplier risk management, especially as it pertains to the validation of supplier information. We will likely add providers with similar and other strengths in fraud detection and vendor risk management at a later stage.

Each category-specific PRO piece in this series has three sections:

1. Problems and Use Cases. We’ll highlight the problems in force (which will vary through different phases of the crisis) and the various scenarios where solutions can provide deeper insights, intelligence and scalable workflows.
2. Solution Rationale and Value. We’ll outline how various solutions can help solve the problems and the specific questions that they’ll help answer.
3. Example Providers. We’ll highlight the solution providers that can support the problems and deliver value.

Some providers are offering coronavirus-specific programs and “freemium” commercial offers, and we’ll note those whenever we update this piece. We’ll also start the series with providers that we already have deep knowledge on, but we’ve been seeking information from other vendors too.

Let’s jump into how fraud and vendor safeguard solutions can help.

Avetta, Browz to Merge: History and the Growth of Community-Oriented, Network Models (Part 2) [PRO]

Industry insiders might argue that the growth of Avetta, Browz, ISNetworld and other industry supplier compliance and credentialing solutions like VendorMate (now part of GHX), GRMS and Hellios should never have been allowed to reach escape velocity owing to the first mover advantage that Achilles had on this market overall. But playing armchair supplier credentialing, pre-validation and certification vendor quarterback is nowhere near as useful an exercise as explaining the history of this market and how it became the largest procurement solutions sector that most buyers know little if anything about — yet is of critical strategic (and growing) importance.

So join us as we provide a history lesson about how this market came about and the value levers it created for buyers and suppliers. This investigation includes exploring how the sector in which Avetta competes can serve as a complement to other supplier management and risk management areas too (which we’ll tackle in more detail in the next research brief in this series).

If you’re just coming up on this market and the merger of Browz and Avetta, read the first research brief in this series (Avetta, Browz to Merge: Facts, Solution and Market Overview), which explored the core details and numbers behind the two companies coming together under the Avetta name.

Avetta and Browz to Merge: Facts, Figures, Solution & Market Overview (Part 1)  [PRO]

Avetta announced earlier today that it and Browz are merging. Together under the Avetta name, the two providers of supplier management and supply chain risk management will become one of the clear leaders in perhaps the most “under the radar” procurement solutions market. The general focus of these two providers is on supplier and contractor on-boarding, pre-qualification and virtual auditing in support of vendor compliance, environmental, health and safety, risk management and related initiatives. SaaS-based enablement is a component of what Avetta and Browz do, but the real value they bring is based on the network impact and scale economics focused on supplier/contractor intelligence they provide to buyers and suppliers alike on a many-to-many basis.

Avetta, Browz, ISNetworld, Achilles and other similar solution providers compete in this somewhat niche — though quite sizeable and rapidly growing — area of the supplier management and supply chain risk management worlds. While not as well-known as providers like Coupa, Jaggaer and Ivalua (let alone SAP Ariba and Oracle), these four providers — along with a handful of other vertical and geographic specific providers — represent one of the fastest growing $500 million+ procurement solutions markets (2018 revenue), one that the vast majority of procurement and supply chain organizations know quite little about the inner workings of.

For many Spend Matters readers, this really is the largest procurement solutions market you’ve never heard of.

Over the course of the coming weeks, this Spend Matters PRO series will explore the combination of Avetta and Browz and what it means for the market. It will also unpack this market segment and explain how it fits alongside supply chain risk management, supplier information management (SIM), supplier performance management, master data management and adjacent sub-components of the supplier management market. We’ll also provide an outlook for customers of these solutions and for the broader growth of this sector as well (which Avetta pegs at a $14 billion market potential based on a referenced study to McKinsey in a briefing with Spend Matters prior to the deal announcement).

Today, we will start with a quick overview of the Avetta and Browz deal itself (facts/figures, estimated revenues, rationale, analysis, etc.) based on a variety of sources. Part 1 also includes a brief history of both providers and an overview of the current state of this market. For this series, our reference inputs include an interview earlier this week with the CEO of Avetta, John Herr, and over a dozen other interviews conducted in recent years, as well as existing Spend Matters research (see previous Spend Matters PRO coverage on Avetta: Introduction/Background, Strengths / Weaknesses and Competitive Analysis/Customer Recommendations).

Transparency-One: Vendor Introduction, Analysis and SWOT [PRO]

Procurement and supply chain organizations are facing pressure from consumers, governments and investors to clean up their supply chains. Whether it’s traceability of ingredients (including their source and their quality), assurance that labor and facility conditions are up to code, or proof that emerging compliance standards like modern slavery laws are being met, companies are increasingly being tasked with mapping their entire supply chain while ensuring that suppliers are meeting, and tracking, myriad metrics for safety, sustainability and corporate social responsibility (CSR).

This is the narrative that Transparency-One, a provider of supply chain visibility and compliance tracking solutions, is betting the farm on. (This is apt, because the provider actually models and monitors farms as part of the extended supply chains being tracked within its system.)

Founded in 2016, Transparency-One enables executives in charge of sustainability or responsible sourcing to report accurate supplier and compliance data to sales, marketing and regulatory compliance functions about what’s happening in their supply chains end to end, as well as to map product tracking and quality information down to the lot/batch level.

While many such efforts are already underway at major companies, compliance tracking is often fragmented, with initiatives like conflict minerals compliance managed separately (and in different tools) from the tracking of, say, facility safety certifications. Transparency-One is seeking to bring all of these efforts into a single platform, starting first with the food, retail (e.g., grocery, apparel) and industrial materials (e.g., rubber, chemicals) sectors.

Currently operating in 30 countries and in six languages, Transparency-One counts traceability projects with Intermarché, Carrefour and Mars among its pilot customers. It has offices in Boston and Paris.

This Spend Matters PRO Vendor Introduction offers a candid take on Transparency-One and its capabilities. The brief includes an overview of Transparency-One’s offering, a breakdown of what is comparatively good (and not so good) about the solution, a SWOT analysis and a selection requirements checklist for companies that might consider the provider. It also touches upon graph databases and their use in this supply chain management, supplier management and risk management mashup area.

Beyond Supplier Risk Management: How Procurement Can Take a Leadership Role in Enterprise Risk Management (Part 2) — Aligning Enterprise Risk to Supply Risk [PRO]

In Part 1 of this series, we described the process that most progressive procurement organizations use to relate enterprise risk to supply risk. Throughout such transformations, a single theme pervades: alignment. The premise here is that while value chains are, in fact, a chain of value that flows across multiple stakeholders, the “signal” often gets lost as the components of that value go across organizational and functional boundaries. We’ve written before about this concept of “supply performance management” (i.e., where the definition of supply and the supply scorecard gets translated from the customer-facing value chain all the way down to a supplier/contract level) in terms of measuring and managing supply value, but this same concept also inherently applies to risk management.

Risk management is about protecting those value streams, and therefore the commensurate investment in risk mitigation should align with the value streams themselves. Unfortunately, they often don’t, because stakeholders are not typically measured on risk management explicitly (although they can be measured on it implicitly).

Procurement itself faces this problem. Based on our research, only 8% of procurement organizations are formally measured on supply risk reduction. Instead, they’re measured on overt reward (vis a vis savings) but not on protecting those improved supply outcomes. So, if procurement wants to protect supply outcomes, it will need help and resources from the natural risk owners (i.e., those who are measured on the business outcomes affected by those risks) — and that help will not come unless there is visibility, commitment and action. As such, in this installment of this series, we’ll discuss two critical frameworks that organizations can use to gain alignment.

Coupa and Hiperos: Supplier Management, Compliance and Risk Landscape Implications [PRO]

This Spend Matters PRO brief explores the competitive implications of the Coupa-Hiperos transaction on the supplier management landscape. The analysis includes summary sector M&A implications and summary landscape/competitive implications. It also explores the potential impact on closer competitors to Hiperos (e.g., Aravo), more distant, network and community oriented peers (e.g., Achilles, Avetta, Browz, etc.); and “sleeping giants” on the periphery of the market such as D&B and Thomson Reuters.

Perhaps most relevant of all, as “compliance as a service” becomes more commonplace as a component of source-to-pay systems in areas ranging from supplier qualification to transactional/invoicing areas, we believe these latter groups may begin to come into contact with Coupa for the first time as the worlds of supplier intelligence and hybrid software, network and compliance collide in a networked manner across various industries.

Beyond Supplier Risk Management: How Procurement Can Take a Leadership Role in Enterprise Risk Management [PRO]

There is no shortage of news about supply risk in today’s volatile operating market:

  • The 12-month LIBOR rate has gone from 2% to over 3% in 2018, and suppliers are beginning to feel a capital squeeze as buyers further stretch their DPO to hoard cash (beyond stock buybacks of course).
  • Brexit continues to loom as a bugbear regarding UK/EU trade. More broadly, geopolitical risk continues to escalate in the Middle East, Eastern Europe, Central America and the South China Sea.
  • U.S. trade policy still swings wildly at the press of a POTUS tweet, and so do commodity prices and volatility in general. The VIX index has spiked up 65% in the last 60 days alone.
  • Natural disasters driven by climate change are becoming commonplace and calamitous.
  • Competitive risks are sprouting up as digital disruption is creeping into almost every industry sector — and as monopolies “become features rather than bugs” with ongoing market consolidation. In response, compliance regimes like GDPR continue to crop up, although enforcement is highly variable by region and country.
  • Cyber risk continues to be the most omnipresent risk that organizations are experiencing cross-industry while everyone is flocking to the cloud in record numbers.


So, enterprise risk management should be alive and well. And, logically, supply chain and procurement executives need to be increasingly prepared to work with their internal business partners to reduce this risk and defend the proverbial gates to keep the risks at bay.

Unfortunately, the castle walls are often not well-guarded because the sentries are not getting paid to do so. Procurement organizations in particular suffer from a misalignment between missing incentives for reducing supply risk and zealous Finance-driven incentives for increasing supply reward in the form of narrow purchase cost savings. Regarding the latter, nearly all groups get measured on purchase cost reductions, but only 41% get formal credit for saving money during the sourcing process when there is no initial cost baseline. However, only 8% of procurement organizations get such "hard credit" for reducing supply risk.

Part of the challenge here is that from an enterprise risk management (ERM) standpoint, there is a broader disconnect between evaluating enterprise risk overall versus extending those risk factors in a cohesive manner out to the supply chain and also out to the supply base (via spend categories and then to individual suppliers) where contracts are signed that hopefully help mitigate most supplier risks. There are four “translations” here where alignment gets lost, and to make matters worse, the risk types being managed are highly fragmented, if addressed at all — especially when various stakeholders are in the same boat as procurement regarding not getting credit (and commensurate resources/investment) regarding supply risk. Risk management gets viewed as a glorified insurance policy and set of “check the box” regulatory compliance mandates rather than a sound approach to bringing risk into the value equation (i.e., protecting the value streams of importance through the value chain).

So, the question becomes how can procurement help solve this when so much seems outside its control? And why even pursue it when there are other things to focus on like hitting savings targets?

The answer lies in deftly “connecting the dots” between enterprise risk and supply risk so that various stakeholders like GRC, internal audit, external auditors, divisional presidents, etc. can not only extend their reach into the extended supply chain, but can also be tapped to help bring some corporate power (and resources) to bear and help drive some changes internally and with your suppliers.

In this installment of Spend Matters PRO, we’ll dive into some best practices for gaining this multi-pronged alignment and also how to align supply risk management within various points of the source-to-pay (S2P) process itself. And, of course, if you want to see how various providers handle supply risk, whether S2P suite providers, or more specialized supplier management providers, then definitely check out our SolutionMaps in these respective areas here and here.

Coupa buying Hiperos: Acquisition Facts, Analysis and Insight [PRO]

Just this morning Coupa announced it was acquiring Hiperos as a carve-out transaction from Opus, which previously owned the supplier management, compliance and risk management solution provider. This Spend Matters PRO analysis provides background and quick facts on Hiperos. It also offers analysis and insight on what the transaction brings to Coupa from a capability perspective and attempts to answer the question: Why Hiperos?

Subsequent Spend Matters subscription briefs (PRO and SolutionMap Insider) will provide insight and analysis of the transaction by exploring the competitive implications of the acquisition for the supplier management and compliance market, offering additional customer insight and recommendations and providing a “Head-to-Head” analysis of Coupa and Hiperos from a supplier-management capability perspective.

Read this briefing to find out more about what Coupa is getting and possible reasons behind the Hiperos deal.

Procurement and Insider Trading: What You Need to Know [Plus +]

Procurement has increasing access to multiple levels of insider information. And just as we have seen enforcement impacting procurement and supply chain activities centered on FCPA compliance, it is likely an increasing set of activities tied to potential information leaks in the capital markets area will come under increased scrutiny as well. In the first installment of this Spend Matters Plus research brief examining the potential for insider trading based on procurement information, we covered lessons from other areas of the business as well as introducing the types of insider information that could be acted on by those inside the company or shared with external hedge funds or other parties. In this installment, we explore what you need to know about the potential for procurement and insider trading based on increasing data availability within procurement and supply chain organizations and key action steps you can take to prevent breaches.