The Importance of Selecting the Right Sourcing Business Model

Selecting the Right Sourcing Business Model

SIG University Certified Supplier Management Professional (CSMP) program graduate Gicela Isla-Richter breaks down the importance of the selecting the correct sourcing business model and the levels of supplier management.


The CSMP course has provided me with the tools and methodologies to help my company ensure that the supplier provides value and complies with applicable internal and external business rules. Equally important, we can better mitigate risks and work more effectively by providing the right amount of effort to manage and build a collaborative relationship with its key suppliers.

Not all suppliers should be managed the same way: each supplier requires a “right-sized” level of governance!

What is Supplier governance?

It is a framework mutually agreed upon by the buyer and supplier. It establishes and enforces rules, distributes authority, defines working environments and identifies risks.

Depending on the importance of the service or product, supplier governance can span through multiple levels of company governance: i.e., corporate, business unit, and contract governance.

  • Corporate governance outlines policies for the overall corporation to ensure strategic fit
  • Business unit governance outlines the specific rules and procedures applicable to the business unit
  • Contract governance outlines how the company manages its contracts and business relationships with suppliers, outsource service providers and partners

There are seven models, identifying a supplier as: Basic Provider, Approved Provider, Preferred Provider, Performance-Based/Managed Service, Vested Business, Shared Services and Equity Partnership. These models determine the effort we need to invest to achieve successful supplier management.

To determine which one of the seven models is most appropriate, we have to analyze the supplier based on two criteria:

  • The relationship model refers to how the company will control or influence the supply source. There are three relationship models: transactional contract, relational contract and Investment integration.
  • The economic model determines how the company will manage the financial/commercial aspect of the relationship. There are three economic models: transaction-based, output-based and outcome-based.

The majority of relationships in our company are transactional or relational. Transactional models are characterized by less risk, dependency and value potential. Relational models have more risk and value potential (see slide below).

Transactional and Relational Model

For each relationship business model, a required level of supplier management is needed. The effort a company invests in managing its suppliers is considered supplier management levels. There are four levels of supplier management:

  • Purchase Order management – its basic purchasing function. Finance governs the function.
  • Contract management – a contract or a master service agreement is made. Legal oversees the execution of the agreement.
  • Supplier performance management - the supplier is managed by a specific KPI. The sourcing organization manages supplier relationships.
  • Supplier governance – the relationship is managed by the sourcing organization and stakeholders who have insight into daily operations. A structured framework is in place and reviewed on an ongoing basis.

The GRC Tool

In my current position as an Enterprise Risk Manager, I was instrumental in implementing a Software as a Service (SaaS) solution in our company – the Governance, Risk and Compliance (GRC) tool.

Our GRC tool enables processes that incorporate our rules and policies to ensure accountability, responsibility and transparency. It helps us identify and mitigate risks, track issues, and identify and mitigate them, track issues, and comply with internal and external policies and regulations. We implemented the Governance structure of our organization and different business units: it includes their various roles and responsibilities and facilitates the creation of reports and dashboards.

We have recently expanded the use of the tool to manage our suppliers. The GRC solution helps us adhere to best practices, perform planning and due diligence, and allow supplier segmentation based on pre-defined parameters. We have configured the tool to allow for the segmentation of our suppliers using a risk-based approach.

Using the logic we established, it identifies suppliers that matter most and enables both an individual supplier view and a portfolio view across all suppliers. It lets us assess risks based on the nature of the services and due diligence results. It is also a central repository of relevant supplier information, contracts, policies, risks, controls and issues related to suppliers. We use it to perform supplier initial due diligence and periodic performance and risk assessments on Relational relationships.

In summary, this course made me aware of the importance of formal Governance programs on different levels and that collaborative relationships with suppliers can hugely impact a company’s objectives. As a takeaway from this course, our company could benefit from assessing the relationship model and the appropriate governance before the contract is signed to reflect the proper supplier governance requirements. I have intensified my knowledge of concepts and best practices that can help me identify areas for improvement within our company. I am looking forward to applying more of these concepts in my current position.


The Certified Supplier Management Professional program is a five-week course delivered through SIG University’s unique education platform. Visit our website to learn more about the discipline of governance and enroll for the upcoming semester.

Gicela Isla-Richter, Enterprise Risk Manager, Investment Industry Regulatory Organization of Canada