SIG University Certified Third Party Risk Management Professional (C3PRMP) Program graduate Cindy Lingerfelt works at Blue Cross Blue Shield of Florida. She shares what she’s learned about third-party risk management and how her small team plans to build a stronger risk culture.
In the C3PRMP program, students focus on best and emerging practices to identify, assess, manage and control third-party risk throughout the lifecycle of relationships, and learn how to align risk fundamentals and frameworks with risk culture to develop the essential tools and controls for effective governance.
I work for Blue Cross Blue Shield of Florida on the Procurement team. My sub-team, Supplier Management, is small and we wear many hats. We were the first in our organization to implement some standardization for how critical suppliers were managed by developing a segmentation questionnaire to tier our suppliers and worked with business owners to get all Tier 1 suppliers on performance scorecards. Our role was to provide standard formatted scorecards with a library of the most common KPIs, stationary, QBR templates and more.
Due to an incident with a supplier, the board made a directive that supplier risk should have a more explicit focus. A new team called Enterprise Risk Management was formed within Corporate Affairs/Internal Audit to address supplier risk and closely partner with Procurement on new suppliers and manage risk with our current supplier base.
Cindy Lingerfelt, C3PRMP, Sourcing Specialist, Florida Blue
SIG University Certified Sourcing Professional (CSP)programstudent Jessica Maki works at Driven Brands. She shares what she’s learned about contract negotiation and how she is implementing newly learned best practices and techniques to score bigger wins and drive more savings for her company.
In the CSP program, students focuson the hard and soft skills of sourcing, including strategic sourcing and outsourcing methodologies, as well as best practices in negotiations.
Negotiation planning plays a big part in the procurement industry. Procurement is always looking for the best price, best supplier performance and cost savings for the organization. In SIG University’s Certified Sourcing Professional program, I learned several key factors when it comes to negotiating with suppliers including preparation, best practices, and what to do versus what not to do. Throughout my experience as a procurement specialist, I’ve learned to apply these important techniques during the negotiation process, and it has helped me become a more confident negotiator.
As a sales professional, I never thought to learn another profession’s language to get ahead of the game. I am not talking about native language, but about industry language. While we may all speak the same language in corporate America, we often don’t understand what the other is trying to say.
When you go to the doctor’s office and receive a diagnosis, or when you try to understand what your bill says after getting a check-up, tune-up, court appearance or whatever it may be, we don’t always speak that specialized language and have to get someone to translate. It is frustrating, to say the least.
Sales professionals work with all kinds of industries, companies, people and cultures. Whether you work with lawyers, doctors, biologists, mechanics or procurement, they all have their own unique language. I’ve worked among CTOs, CIOs CEOs, VPs and the like, and while I consider myself a very good salesperson, I wasn’t always speaking their language, which cost me closing deals.
A little over a year ago I started working with Sourcing Industry Group (SIG), which provides thought leadership, training and networking opportunities to executives in sourcing, procurement, outsourcing, shared services and risk from Fortune 500 and Global 1000 companies. I admit, I hadn’t worked with many people in procurement, supply chain or sourcing, but I had sent many RFPs, RFQs and contracts through procurement departments that never received a response, feedback or anything, which further compounded my frustration.
Brie Pritchard, Director of Business Development, Sourcing Industry Group
Outlined here is information about the upcoming changes and benefits of your C3PRMP designation, as well as a profile of our students.
What changes are coming to SIG University’s C3PRMP program in January 2020?
In January 2020, the duration of SIG University's C3PRMP program will be extended from eight weeks to 10 weeks. Multiple-choice review questions at the end of each module will test all students’ knowledge and require a minimum passing score of 80%.
SIG University student Hanne McBlain enrolled in the Certified Third Party Risk Management Professional (C3PRMP) Program while working at Information Services Group. She shares what she learned from her own experience with a data breach and how she is taking a proactive approach to IT vendor risk management to mitigate future business disruptions.
In times of cost-cutting, vendor management functions that include third party risk are often the first to go or be significantly reduced. Many senior executives fail to see the value these functions bring and are usually happy to cover third party risk as part of a general risk function.
Stakeholder Support is Critical
I previously worked for an organization that prided itself on not relying on third parties for any critical functions. Redundancy was abundant and built into every platform, and on the surface, there was not much to worry about when it came to third party risk.
During my time there things started to change. We convinced the organization to implement a third party risk management framework. But with no experience in this area, we were fighting an uphill battle. We managed to win support and quickly implemented standard due diligence and on-going monitoring of critical suppliers. The business stakeholders generally regarded the added due diligence and tracking as unnecessary and bureaucratic.
SIG University student Moath Alswaidan enrolled in the Certified Sourcing Professional (CSP) program and works at Mitsubishi Heavy Industries – MHPS Saudi Arabia. He shares what he’s learned in the program and how his team plans to implement best practices in supplier performance management.
Supplier performance management is one of the most important areas in sourcing and supply chain management and I feel fortunate to have worked on both the sell side and buy side of the table. Most of the sourcing process requires much effort from both sides until the work is awarded to the supplier. Supplier selling teams spend time and effort to prepare to negotiate a proposal that best fits the buyer. At the same time, the buyer team needs to put the same effort in searching and selecting the best proposal for their organization. It is a waste if the agreement doesn't last due to the lack of supplier performance management.
The supplier performance management process begins by selecting the team from both the buyer and supplier organization. The mission is to translate the contract into the operation language and identify the measurement and monitoring criteria. This task is called transition. The team should have enough knowledge of the business and the scope of work defined in the contract. The transition process requires a joint effort from the transition team and may also require the support of other teams in the organization. The transition process is considered a change from an existing state to the desired state. Therefore, it is recommended to adapt to Lewin's Change Management Model: Unfreeze, Change and Refreeze.
Moath Alswaidan, Supply Chain Manager, Mitsubishi Heavy Industries – MHPS Saudi Arabia
In the global supply chain landscape, cybersecurity threats are increasing exponentially. Fortune 500 companies’ sensitive information is leaked because hackers target their vendors and business partners, and organizations that might not be as secure as their corporate buyers. Every supplier and business partner can become an added risk. Working with global companies big and small, one of the most significant opportunities that I've observed is managing multi-tier suppliers and mitigating risk. We can support all our suppliers through secured technology and the principle of “unconditional procurement.”
Daryl Hammett, CSMP, CSP, C3PRMP, General Manager/Chief Operating Officer, ConnXus
SIG University Certified Supply Management Professional (CSMP) student, Justin Kline, works at Canon. In this blog, he shares his learnings about the pivotal role of executive sponsorship in governance transformation and how his team plans to implement some of the best practices within his job function and organization.
In this program, SIG University students will comprehend the significance of governance, risk and compliance. They’ll understand the various levels of supplier management governance, including corporate, business unit and contract level activities. They are also able to select the appropriate governance program, and key components, for each relationship model. They gain an effective understanding of how to capture and activate innovative ideas through the governance structure, in addition to describing the critical tools to use in implementing a governance program.
At Canon, I am responsible for scoping and delivering outsourced services to our customers. Today, our customers are looking to Canon not only to take over a business process but also to assist or lead the transformation of the process simultaneously. These types of projects require more time, resources and investment by both sides to achieve targeted results. This level of investment and risk makes these projects higher profile.
Since transformative change is disruptive and typically requires a paradigm shift within the organization, it necessitates the right types of governance to manage successfully. One of the critical elements of ensuring a transition plan is effectively met is having the right level of executive sponsorship and involvement.
Keynote speakers, thought leaders and industry publications show no signs of slowing when it comes to evangelizing the benefits of the supply chain’s digital transformation. With its promises to save you time and money, the market has exploded with offerings of cloud-based solutions, IoT devices and a legion of outsourced practitioners who can make all of your spend visibility and risk management dreams come true. But for all the benefits touted, what is often left out of the conversation is the topic of security, especially as it relates to third-party vendors.
The Path of Least Resistance
As hackers become cleverer in their approaches, they’ve moved from directly attacking large organizations to exploiting vulnerabilities and penetrating third-party cloud software, apps and IoT devices to implant malware directly into the software or steal login credentials. “The challenge with supply chains is that they are multifaceted and there are many places where a hacker can enter,” says Brandon Curry, Senior Vice President with NTT Communications. Curry, who is also a Certified Ethical Hacker, frequently reports on trends in cloud and supply chain software security. He notes that the top cost of a supply chain breach is legal and reputational costs, with software supply chain attacks costing an average $1.1 million per attack globally.
Compromised software is one of the primary causes of supply chain software breaches, and the damage isn’t limited to grabbing customer credit card numbers or personally identifiable information (PII). Hackers are also looking to steal intellectual property, mine your customer base, counterfeit your product and take over your market share.
When she’s not challenging the status quo and meeting her budget targets at the bank, Debbie helps to make her community a better place as the leader of the Huntington Women's Network Business Resource Group and as a volunteer with various Columbus charity organizations. A big believer in the power of personal connections, Debbie talks about her role at the bank, the importance of utilizing technology and her tips for building professional relationships that can pay off down the line. Debbie is well-known in the SIG community as a member of the SIG Thought Leadership Council, the SIG University Advisory Board and she leads the Steering Committee of the Risk Management Association’s Third Party Management Round Table.
Your keynote presentation at the Columbus CPO Meet and Eat was about tail spend management--why is this such a hot topic?
Huntington’s sourcing team, like many other companies, is lean. Identifying ways to direct low-dollar, high-transaction volume spend to a consistent, repeatable process through catalogs, spot-buys amongst preferred providers or non-catalog PO’s helps focus the team on more strategic projects while maintaining cost discipline in the tail.