SIG University student Hanne McBlain enrolled in the Certified Third Party Risk Management Professional (C3PRMP) Program while working at Information Services Group. She shares what she learned from her own experience with a data breach and how she is taking a proactive approach to IT vendor risk management to mitigate future business disruptions.
In times of cost-cutting, vendor management functions that include third party risk are often the first to go or be significantly reduced. Many senior executives fail to see the value these functions bring and are usually happy to cover third party risk as part of a general risk function.
Stakeholder Support is Critical
I previously worked for an organization that prided itself on not relying on third parties for any critical functions. Redundancy was abundant and built into every platform, and on the surface, there was not much to worry about when it came to third party risk.
During my time there things started to change. We convinced the organization to implement a third party risk management framework. But with no experience in this area, we were fighting an uphill battle. We managed to win support and quickly implemented standard due diligence and on-going monitoring of critical suppliers. The business stakeholders generally regarded the added due diligence and tracking as unnecessary and bureaucratic.
This month, SIG announces the finalists for the Future of Sourcing Awards, you’ve got one more shot to earn a sourcing, supply chain or risk management certification in 2019, and SIG CEO and President Dawn Tiura needs your help with a tail spend question.
SIG University student Moath Alswaidan enrolled in the Certified Sourcing Professional (CSP) program and works at Mitsubishi Heavy Industries – MHPS Saudi Arabia. He shares what he’s learned in the program and how his team plans to implement best practices in supplier performance management.
Supplier performance management is one of the most important areas in sourcing and supply chain management and I feel fortunate to have worked on both the sell side and buy side of the table. Most of the sourcing process requires much effort from both sides until the work is awarded to the supplier. Supplier selling teams spend time and effort to prepare to negotiate a proposal that best fits the buyer. At the same time, the buyer team needs to put the same effort in searching and selecting the best proposal for their organization. It is a waste if the agreement doesn't last due to the lack of supplier performance management.
Transition Process
The supplier performance management process begins by selecting the team from both the buyer and supplier organization. The mission is to translate the contract into the operation language and identify the measurement and monitoring criteria. This task is called transition. The team should have enough knowledge of the business and the scope of work defined in the contract. The transition process requires a joint effort from the transition team and may also require the support of other teams in the organization. The transition process is considered a change from an existing state to the desired state. Therefore, it is recommended to adapt to Lewin's Change Management Model: Unfreeze, Change and Refreeze.
Moath Alswaidan, Supply Chain Manager, Mitsubishi Heavy Industries – MHPS Saudi Arabia
Daryl Hammett is COO and General Manager at ConnXus, a supplier management software company. Daryl completed the Certified Third Party Risk Management Professional (C3PRMP) program through SIG University. He shares how he is implementing the best practices he learned in the program to mitigate cybersecurity risk at ConnXus.
In the global supply chain landscape, cybersecurity threats are increasing exponentially. Fortune 500 companies’ sensitive information is leaked because hackers target their vendors and business partners, and organizations that might not be as secure as their corporate buyers. Every supplier and business partner can become an added risk. Working with global companies big and small, one of the most significant opportunities that I've observed is managing multi-tier suppliers and mitigating risk. We can support all our suppliers through secured technology and the principle of “unconditional procurement.”
Daryl Hammett, CSMP, CSP, C3PRMP, General Manager/Chief Operating Officer, ConnXus
“April prepares her green traffic light and the world thinks GO.” – Christopher Morley
April is the start of a new quarter and many teams are seeking ways to make maximum impact on their goals and ultimately their company’s bottom line. To help you put the pedal to the metal this month, SIG has opportunities for training, industry networking and a chance to get recognized for all of the hard work you’ve put in.
SPRING GLOBAL EXECUTIVE SUMMIT
The Spring Global Executive Summit takes place April 15-17 at the Omni Amelia Island Plantation Resort in Amelia Island, FL. This Summit will connect you with other executives and industry experts, so come with an open mind, plenty of business cards and a sincere interest in becoming more strategic and influential.
At this Summit, all of the keynote sessions will bring remarkable stories and insights that will leave you feeling refreshed and inspired, with lots of great ideas to bring back to your team. Here's a look at two of our featured keynotes:
Clint Bruce -- Pursuing Elite: The Five Gifts of Elite Achievers
In any endeavor you can only have one of five outcomes: bad, average, good, excellent, and elite. If the endeavor is your passion or profession, the only acceptable result is somewhere between excellent and elite. Clint uses powerful stories and lessons learned as a highly decorated athlete and member of the elite SEAL Teams to share with the audience techniques to become an elite achiever in all aspects of life.
Sunil Gupta, Avinash Pemmaiah, Brad Killinger -- How do you Innovate to Buy Smart? Ask the Experts!
SIG University Certified Supply Management Professional (CSMP) student, Justin Kline, works at Canon. In this blog, he shares his learnings about the pivotal role of executive sponsorship in governance transformation and how his team plans to implement some of the best practices within his job function and organization.
In this program, SIG University students will comprehend the significance of governance, risk and compliance. They’ll understand the various levels of supplier management governance, including corporate, business unit and contract level activities. They are also able to select the appropriate governance program, and key components, for each relationship model. They gain an effective understanding of how to capture and activate innovative ideas through the governance structure, in addition to describing the critical tools to use in implementing a governance program.
At Canon, I am responsible for scoping and delivering outsourced services to our customers. Today, our customers are looking to Canon not only to take over a business process but also to assist or lead the transformation of the process simultaneously. These types of projects require more time, resources and investment by both sides to achieve targeted results. This level of investment and risk makes these projects higher profile.
Since transformative change is disruptive and typically requires a paradigm shift within the organization, it necessitates the right types of governance to manage successfully. One of the critical elements of ensuring a transition plan is effectively met is having the right level of executive sponsorship and involvement.
Innovation and transformation were dominant themes in the industry in 2018, so it only makes sense to move forward with those concepts in 2019. This month, SIG presents a new events format to help your team cultivate innovation and foster teamwork throughout 2019, enrollment is open for SIG University’s online certification programs and we have two new webinars that will help jumpstart your 2019 goals.
Save the Date for These 2019 Events
After feedback from the SIG Advisory Board, event attendees and our delegates, this year’s SIG events will follow a new format to give you and your team a fresh perspective and space to develop new strategies.
The most transformative change is the Regional SIGnature Events, which are one-day events for executives and their teams to network, swap ideas, engage in interactive discussions, participate in training workshops, and learn from industry analysts and experts who promote innovation and work to solve key challenges in the industry. Separate, concurrent roundtables for executive-level and delegate-level attendees will put you and your team in the company of peers from that region’s Fortune 500 and Global 1000 companies.
Mark your calendar for these events that break the cycle of dry, traditional training and will get your team excited and engaged.
Keynote speakers, thought leaders and industry publications show no signs of slowing when it comes to evangelizing the benefits of the supply chain’s digital transformation. With its promises to save you time and money, the market has exploded with offerings of cloud-based solutions, IoT devices and a legion of outsourced practitioners who can make all of your spend visibility and risk management dreams come true. But for all the benefits touted, what is often left out of the conversation is the topic of security, especially as it relates to third-party vendors.
The Path of Least Resistance
As hackers become cleverer in their approaches, they’ve moved from directly attacking large organizations to exploiting vulnerabilities and penetrating third-party cloud software, apps and IoT devices to implant malware directly into the software or steal login credentials. “The challenge with supply chains is that they are multifaceted and there are many places where a hacker can enter,” says Brandon Curry, Senior Vice President with NTT Communications. Curry, who is also a Certified Ethical Hacker, frequently reports on trends in cloud and supply chain software security. He notes that the top cost of a supply chain breach is legal and reputational costs, with software supply chain attacks costing an average $1.1 million per attack globally.
Compromised software is one of the primary causes of supply chain software breaches, and the damage isn’t limited to grabbing customer credit card numbers or personally identifiable information (PII). Hackers are also looking to steal intellectual property, mine your customer base, counterfeit your product and take over your market share.
When she’s not challenging the status quo and meeting her budget targets at the bank, Debbie helps to make her community a better place as the leader of the Huntington Women's Network Business Resource Group and as a volunteer with various Columbus charity organizations. A big believer in the power of personal connections, Debbie talks about her role at the bank, the importance of utilizing technology and her tips for building professional relationships that can pay off down the line. Debbie is well-known in the SIG community as a member of the SIG Thought Leadership Council, the SIG University Advisory Board and she leads the Steering Committee of the Risk Management Association’s Third Party Management Round Table.
Your keynote presentation at the Columbus CPO Meet and Eat was about tail spend management--why is this such a hot topic?
Huntington’s sourcing team, like many other companies, is lean. Identifying ways to direct low-dollar, high-transaction volume spend to a consistent, repeatable process through catalogs, spot-buys amongst preferred providers or non-catalog PO’s helps focus the team on more strategic projects while maintaining cost discipline in the tail.
SIG’s Fall 2018 Global Executive Summit in Rancho Mirage, California, is less than three weeks away! That means it’s time to kick things into high gear and prepare yourself and your team for the most innovative and thought-provoking sourcing event of the year.
With more than 350 delegates in attendance, numerous educational sessions and workshops, plus how-to labs, speed networking, a CPO Roundtable Program and a charity golf scramble, there is a lot to prepare for! Navigating such a vast event may seem overwhelming at first, but don’t fret. I’ve outlined four tips that will have you walking into the Summit like a seasoned vet.
1. Plan Your SIG Summit Agenda with the new SIG Events App
One thing you’ll want to do before you depart for Rancho Mirage is to create your Summit agenda. This fall, with 100+ speakers, 50+ educational sessions, panel discussions, networking receptions, keynote presentations, how-to labs and fun entertainment, there is a lot to do in just four days! Even if you’re a longtime Summit attendee, planning your agenda goes a long way. To make this easy on delegates, we have a new app with a built-in schedule planner tool.
There are multiple ways to download the SIG events app to your smart device:
.png "SIG Speaks to Debbie Manos-McHenry, Chief Sourcing Officer")
Vendor Risk Management: A Proactive Approach
SIG University student Hanne McBlain enrolled in the Certified Third Party Risk Management Professional (C3PRMP) Program while working at Information Services Group. She shares what she learned from her own experience with a data breach and how she is taking a proactive approach to IT vendor risk management to mitigate future business disruptions.
In times of cost-cutting, vendor management functions that include third party risk are often the first to go or be significantly reduced. Many senior executives fail to see the value these functions bring and are usually happy to cover third party risk as part of a general risk function.
Stakeholder Support is Critical
I previously worked for an organization that prided itself on not relying on third parties for any critical functions. Redundancy was abundant and built into every platform, and on the surface, there was not much to worry about when it came to third party risk.
During my time there things started to change. We convinced the organization to implement a third party risk management framework. But with no experience in this area, we were fighting an uphill battle. We managed to win support and quickly implemented standard due diligence and on-going monitoring of critical suppliers. The business stakeholders generally regarded the added due diligence and tracking as unnecessary and bureaucratic.