Hundreds, thousands, or even tens of thousands of third parties power your company every minute of every day, in all your markets and geographies, for every product and service. Third parties are everywhere, in virtually every part of your business. You have less control over third parties than over your internal operations, so getting this right is essential for your company’s success.
Third-party relationships are complicated. But the “right” third parties, if thoughtfully evaluated, managed and controlled, deliver what you contracted for and serve up many opportunities to be better. Better means new products, services and markets. Better means access to specialized top talent, processes and technology. Better means less risk.
Unfortunately, risk is everywhere and even though technology is advancing in leaps and bounds, operational ecosystems are growing more complex every day. Consequently, risk events, cyber attacks, fraud, data corruption and privacy breaches are becoming commonplace, and are too often the fault of a careless third party. The proliferation of third-party relationships and new technologies means that it’s hard for companies to stay on top of third-party risks, and even harder to implement effective controls, monitoring and oversight.
Management of third-party risk is a relatively new discipline – involving a new set of skills, rigorous methodologies, well-crafted tools and advanced technologies. But proactive professionals need to learn the language of risk and learn it quickly because everyone is now a risk manager and everyone is responsible for effective and efficient risk management, particularly for critical third parties.
Linda Tuck Chapman, Third Party Management advisor, author, popular speaker & President, Ontala
It's the first full week after the holidays and you've undoubtedly got a full inbox and busy schedule. Here's a run-down of the resources, events and deadlines that help SIG delegates do their jobs better.
New York City Executive Immersion Program
When: February 7, 8:30 a.m. - 4:30 p.m.
Where: Morgan Lewis Offices, New York, New York
Our Executive Immersion Program agenda topics include contract drafting, negotiation techniques and automation in sourcing. This program is highly interactive and your team will come away with immediately implementable takeaways. Register in advance to attend.
Buying Technology in a Time of Disruption -- Ed Hansen, Partner, Morgan Lewis
In this workshop, paradigms will be discussed that leverage the “business value–deal process–negotiation–contract” connection; encourage sourcing, technology, and business alignment; and improve deal ROI, while minimizing and managing the risks that matter most. This program will be presented against the backdrop of complex ITO and BPO, digitization, automation, and the move to new delivery models, such as DevOps and hybrid cloud.
Innovation and transformation were dominant themes in the industry in 2018, so it only makes sense to move forward with those concepts in 2019. This month, SIG presents a new events format to help your team cultivate innovation and foster teamwork throughout 2019, enrollment is open for SIG University’s online certification programs and we have two new webinars that will help jumpstart your 2019 goals.
Save the Date for These 2019 Events
After feedback from the SIG Advisory Board, event attendees and our delegates, this year’s SIG events will follow a new format to give you and your team a fresh perspective and space to develop new strategies.
The most transformative change is the Regional SIGnature Events, which are one-day events for executives and their teams to network, swap ideas, engage in interactive discussions, participate in training workshops, and learn from industry analysts and experts who promote innovation and work to solve key challenges in the industry. Separate, concurrent roundtables for executive-level and delegate-level attendees will put you and your team in the company of peers from that region’s Fortune 500 and Global 1000 companies.
Mark your calendar for these events that break the cycle of dry, traditional training and will get your team excited and engaged.
Risk…it’s a four-letter word. And while it is not as offensive as others, it can have a far worse and much longer-lasting impact on an organization. What is most challenging though is that it can come in many forms, making risk mitigation difficult at best and financially devastating at worst. Geopolitical risk, third party vendors, hackers, terrorists, natural disasters, poorly or inadequately trained staff and other circumstances make the global supply chain vulnerable to disruption, costing businesses millions of dollars annually. This is never so apparent as it is after tragedy strikes an area. Consider Hurricane Florence or the Northern California “Camp Fire”— the damage from these devastating events will be long lasting to the communities they impacted and the businesses that supported them.
According to Resilinc’s Eventwatch report, nearly 2,000 supply chain events took place in 2017, representing a 30 percent increase over 2016. Put in context, this translates to roughly five events per day with approximately 25 percent of them requiring an impact notification. Four of the five most significant 2017 supply chain events (in terms of number of supplier sites impacted, number of parts impacted and average time to recovery) were from extreme weather conditions and include late winter storms in the northeast as well as Hurricanes Harvey, Irma and Maria. More than a year later, Caribbean islands like Puerto Rico and the U.S. Virgin Islands are still trying to recover and will likely see years pass before their economies rebound.
“It’s not just about cost savings--which was the traditional mindset of the Procurement function. It's about continually improving and re-evaluating how we’re buying to make sure we’re getting the best business outcomes.” - Neil Aronson, Head of Global Strategic Sourcing for Uber
Across all industries, margin and growth pressures are heating up. By 2021, 55 percent of technology procurement staff will require additional digital and analytical skills to enable their desired business outcomes (Gartner 2017). To succeed in this environment, CPOs must focus on closely aligning their team’s strategy and objectives with broader company goals. That requires changing the way their procurement and sourcing teams operate.
Changes of this nature call for a clear blueprint for transformation. And it starts with taking a closer look into current Procurement processes--and determining how success is being measured. A key insight: when organizations evolve alongside new technologies and market trends, so must the metrics needed to track performance.
Evolving Beyond Cost Savings to Accelerate Change
Historically, Procurement and Sourcing teams have been accountable for cost savings as the ultimate measure of success.
But as teams look to transform, they need to reshape their success metrics to chart a path forward. While anecdotal and periodic measurements are helpful, they are forgotten without a consistent stream of key performance indicators (KPIs) to indicate the overall direction of progress.
Stan Garber, President and Co-Founder at Scout RFP
Keynote speakers, thought leaders and industry publications show no signs of slowing when it comes to evangelizing the benefits of the supply chain’s digital transformation. With its promises to save you time and money, the market has exploded with offerings of cloud-based solutions, IoT devices and a legion of outsourced practitioners who can make all of your spend visibility and risk management dreams come true. But for all the benefits touted, what is often left out of the conversation is the topic of security, especially as it relates to third-party vendors.
The Path of Least Resistance
As hackers become cleverer in their approaches, they’ve moved from directly attacking large organizations to exploiting vulnerabilities and penetrating third-party cloud software, apps and IoT devices to implant malware directly into the software or steal login credentials. “The challenge with supply chains is that they are multifaceted and there are many places where a hacker can enter,” says Brandon Curry, Senior Vice President with NTT Communications. Curry, who is also a Certified Ethical Hacker, frequently reports on trends in cloud and supply chain software security. He notes that the top cost of a supply chain breach is legal and reputational costs, with software supply chain attacks costing an average $1.1 million per attack globally.
Compromised software is one of the primary causes of supply chain software breaches, and the damage isn’t limited to grabbing customer credit card numbers or personally identifiable information (PII). Hackers are also looking to steal intellectual property, mine your customer base, counterfeit your product and take over your market share.
Think environmental, social and governance (ESG) factors only matter to specialist investors? While ESG standards may have been the exclusive purview of sustainability investors a few decades ago, that is no longer the case. “Only two decades ago, concerns about climate change, water scarcity, exposure to corruption, working conditions in the supply chain and gender equality were barely on the agenda of company executives. They were considered externalities or were dealt with through philanthropic approaches with little or no impact on the bottom line,” noted Harvard Professor of Management Practices Dr. Robert Eccles, and former United Nations Global Compact Executive Director Georg Kell. But times have changed.
Just two years ago, the Organization for Economic Co-operation and Development (OECD) began promoting “responsible business conduct for institutional investors” in its Policy Framework for Investment. In it, the OECD encourages investors to engage with corporate leadership on ESG risk and contends that ESG issues represent part of a company’s fiduciary duty when evaluating long-term value. It’s an approach that more institutional investors are taking to heart. In an article on EthicalBoardroom.com, Michelle Edkins, a Managing Director and Global Head of Investment Stewardship at BlackRock writes, “An emphasis on investing for the long-term, changing client and societal expectations, and better data, reporting and research have all influenced a steady mainstreaming of ESG considerations by investors.”
And just like that, it’s nearly the new year! With a few weeks left in 2018, you still have time to achieve the professional goals you set earlier in the year. Squeeze in some last-minute training by registering for a webinar, join us as a presenter at a regional SIGnature Event or Global Executive Summit, or consider becoming a contributor to Future of Sourcing Digital.
This webinar will focus on best practices for creating and executing a business case for a Procure-to-Pay (P2P) transformation.
Utilizing a case study that highlights the “flight plan” of Curtiss-Wright, a manufacturer that traces its origins back to the Wright Brothers, webinar attendees will learn how the company transformed its P2P process to arrive at a more strategic destination after discovering imbalanced resource allocation that led to procurement resources spending 80 percent of their time on just 5 percent of the total spend.
Looking to control and optimize your services spend more effectively? Join this webinar with Coupa for a deep dive into a comprehensive solution that includes advanced services and contingent workers.
You’ll learn how the right technology can streamline your services procurement process and see firsthand how the right solution can enable you to drive more adoption, accelerate your time to value and reduce costs.
Register for your virtual seat now. Can't join at the date and time listed? You can still register to get the on-demand recording!
Shopping, buyers, shopping carts, savings, back office, JUST STOP DUMBING US DOWN!
As many of you know, my passion is to help elevate the sourcing industry to receive the attention, seat, respect (and yes, pay) that it deserves. So why do sourcing professionals keep self-sabotaging by using the term BUYER to describe ourselves? The only time this is a sexy title is perhaps if you are the buyer of fashion who attends runway shows and hobnobs with designers. Buying is what I do when I “shop,” like for groceries. We as sourcing professionals are NOT shopping.
So onto my next pet peeve, why do we have cute little icons that look like grocery carts to check out within our tools? Yes, it makes it seem like an easy process when pushing it out to our internal customers, but it connotes “shopping,” which, as we have just discussed, we are not doing. We are selecting items from a carefully sourced category after a lot of thoughtful processes have taken place. Why can’t we use an icon that better showcases the importance of this role?
The SIG Peer2Peer (P2P) program allows members to access benchmarking insights and best practices on topics specific to their needs. Using the Peer2Peer resource, members can leverage the experience of other industry professionals by posing questions to the greater SIG community on issues they are facing within their organization. Members use the forum to locate resources, source providers, seek advice on hot topics and share their lessons learned.
Below are the latest Peer2Peer inquiries. You or someone on your team may know the answer to one of the questions below. If you do, please take a moment to help a SIG member from the buy-side. You may need their help one day, too! To submit your own Peer2Peer inquiry, get in touch and we’ll pose your question to the SIG Community.
This buy-side member is re-writing their procurement policy and revamping their process for the requested addition/approval of a new supplier. They are seeking best practices for procurement policies, specifically covering the following topics:
What spend does/does not require a PO?
What are the consequences for procurement policy violations? For example: Committing company funds without a PO or contract.
How are violations to the procurement policy enforced?
What is the process for requesting a new supplier add? Who reviews/approves/denies this request?