SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Anna Sgro shares how adding procurement roles into third-party risk management systems can be a very effective contribution to your team.

Across many organizations, there is an outstanding need to baseline what, if any, activities are taking place to manage third-party due diligence proactively. From my specific experience, Procurement's role is only sometimes well established and often has limited involvement in third-party risk management. The lack of engagement with the Procurement team introduces unnecessary risk and exposure for an organization.

Incorporating Procurement in third-party risk management and analysis will increase visibility, broaden awareness, and reduce risk by ensuring consistent sourcing, contracting controls, management, and monitoring processes. The standard practice for most Procurement teams includes evaluating new third parties, facilitating the sourcing and contract negotiations, and primarily being responsible for ensuring appropriate terms are in place. However, without a clearly defined path of communication and standardized processes, there's still potential for the organization to be exposed to unknown risks when bringing on a new critical third.

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Mona Josten discusses the importance of having a high-quality third-party risk management program 

"Without data, you're just another person with an opinion."

• Edwards Deming, Statistician

Linda Tuck Chapman, instructor and course designer at SIG University, states that Third-Party Risk Management is a team sport. A team consists of lots of different people with lots of different opinions. These opinions might be based on the various roles and result in other goals they have. They all strive for the same overall target, a managed and their company acceptable risk, but might have a different focus. The risk analyst might be especially eager to analyze the risk deeply, and the buyer might want to focus on a fast decision to close a deal.  

So, what can help turn their opinions into a decision? Or help, whoever has the right and the responsibility, help them make a decision? Of course, the answer is a high-quality database that turns opinions into facts. It is essential to ensure a high-quality database, especially in a worldwide program with different risk areas, teams, and global regulatory requirements. High quality, in that case, means (at least) that the data is accurate, that it contains all required data fields, that it has a clear structure, and that it is accessible to all relevant people while still restricting the possibility of editing the database itself (meaning strict controls).

In what was traditionally a siloed function, separate from overall executive and organizational strategy, procurement professionals have more recently become integral to company operations and resilience. This prominence grew during the COVID pandemic, which broke down barriers between departments and raised attention to the importance of Chief Procurement Officers (CPOs) and other procurement personnel, and the work they do.

The Power of Procurement

The procurement team is at the interface between the enterprise and the extended enterprise: the organization and its suppliers. Procurement professionals are in the position to understand the risks and the wider ecosystems their suppliers operate in. They, like no other function, can make predictive connections and be able to quickly identify risks specific to one supplier or those endemic to the wider ecosystem, and quickly pivot alongside the business accordingly. And it’s not just risk, but opportunity and innovation for the enterprise, such as identifying new products, materials, capabilities and offerings.

With this greater inclusion of procurement professionals into organizational strategy, CPOs and similar roles need to begin to reframe how the function can best serve the organization, and how other departments can serve them. One key to this new way of thinking is framing procurement around holistic risk management, particularly when it comes to managing third parties, suppliers and the supply chain.

Best Practices for Taking a Holistic Approach to Procurement

While not everything in this shift can be implemented immediately, there are general aspects of agility that should be on procurement’s agenda, including:

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Andrea Solano discusses how taking the C3PRMP program helped her to implement the framework for her team to operate as an optimal risk management and risk mitigation function across her department and enterprise-wide. 

 There are different types of workstreams and specializations that have been around a long time. However, the discipline of Third-Party Risk Management is something that is in the very beginning stages of inception. Currently, it is evolving into a discipline that many organizations shall be implementing as a standard operating function in the Silicon Valley business sector I work at. Working at Silicon Valley, the term Third-Party Risk management is still somewhat foreign and not understood as a critical and vital risk management function.

Third-Party Risk Management Function

The key role that I fulfill within the Third-Party Risk Management life cycle is in the due diligence process, which is the internal audit function that serves as a 2.5 – 3rd line of defense within my organization’s Risk Management Function. The SIG University Third-Party Risk Management training that I have taken throughout these past ten weeks has been highly instrumental for me. It will help create, build-out, and develop an internal audit framework that will be customized to meet the needs of this brand-new Third-Party Risk Management function within my organization.  

Procurement is a business function that offers so much in the way of value. However, its not always easy to showcase the full spectrum of what procurement provides to other teams or get the necessary buy-in from sponsors or stakeholders to support procurement activities. In fact, one of the common pain points for procurement practitioners is the ability to align finance.

Finance is a critical business function. So much of what guides operations is based on the bottom line and therefore it is absolutely essential that procurement align with finance. Without this collaboration, procurement teams will struggle to gain credibility within an organization and will be less able to contribute to the overall success of the business. In order for procurement to truly be successful, it needs to align with finance. Here are some tips for helping achieve alignment between finance and procurement.

Develop a reporting structure that promotes collaboration

Reporting is essential for keeping different departments aligned. It’s only logical that the department in charge of managing money and the team that handles buying should coordinate. To really make the most of your collaborative efforts, try syncing on reporting structure to increase adoption. Ideally, procurement would actually fall under the purview of finance wherein the CPO reports directly to the CFO to increase that alignment. Benefits include: