Resilience offers a competitive edge to organisations by helping them be more agile
Volatility and disruption have become the new norm and organisations who intend to thrive in this new era need to embrace agility and get a clear resilience strategy in place. As organisations become increasingly agile, third party risk management cannot be treated as a separate activity – risk is one of many factors considered across all decision-making relating to third-party spend. But…! What we don’t want, of course, is for the pendulum to swing so far that it hampers the kind of risk-taking necessary for growth. The sweet spot of calculated risk is the interesting space for procurement to be playing in – weighing up value and risk to inform strategic decision-making and really drive long-term growth.
Like all decision-making, having access to all the facts, understanding all the risks, and having clear governance in place to act on all that information is key, and this is how we’re seeing third party risk management evolving today. With a greater value placed on corporate resilience, the conversation is changing – CPOs no longer need to justify the expenditure, instead they are helping the organisation realise that resilience is a value unto itself.
Having access to information faster, the flexibility to accommodate rapid demand and supply variations, ensuring organisations have options available to them, all contribute to achieving greater agility and greater resilience. Adnan Rizvi, Chief Procurement Officer at Akamai Technologies discussed how, as a result of a rapid rise in market demand which put them in a supply constraint situation, they needed to become more agile, and also educate their stakeholders to adopt greater flexibility and a more adaptive mindset to ensure the business could capitalise on this opportunity. “We needed to get internal people comfortable with working with new suppliers and procurement played a key role in helping build the relationships between the decision-makers internally and the new suppliers. Instilling some flexibility in the mindset, processes and relationships was a big focus.”
Technology and data are the catalyst for greater supply chain transparency, visibility and risk mitigation
Managing risk has always been an important part of procurement decision-making and supply base management but as risk becomes more complex and management of those risks increases in breadth, the reliance on robust data management and analysis is even more important to be able to do this at pace. Being better informed means being better able to make the right decisions when weighing risk v. opportunity, so trusting that your team has the right information on hand, in time, is crucial, and this is why so many CPOs are focusing on digitalisation of risk management to lead their procurement function forward.
During the breakout sessions we heard from organisations who are fully embracing how technology and data can improve visibility, transparency and drive greater value to the business. Dwight Dissels, Risk Manager and Product Owner shared how Danone’s Supply Chain Control Tower is empowering decision-making right across the business by improving access and usability of the multiple data sets where previously multiple spreadsheets were relied on.
Isabelle Tauzinat, Procurement Global Risk Lead and Lara McLeod, Senior Manager Supply Chain and Operations Strategy & Consulting shared Accenture’s journey in creating their True Supplier Marketplace, a blockchain-powered platform which simplifies the supplier information sharing, improving the transparency and ongoing monitoring of risk across the supply network.
The increased accessibility of supplier and operational data and TPRM technology solutions offers greater efficiency, depth and breadth of risk monitoring than was previously possible with manual processes using basic tools. Many CPOs are using this as a business case to invest in data and technology improvements, but putting technology in place to achieve those efficiencies is not always straightforward nor without its challenges. Getting the governance, processes and supplier mapping right is a prerequisite to successful data and technology implementations.
“Accept that you won’t see everything. Even as you subscribe to many data sources to cover all the domains that matter to you, blind spots will persist. You can certainly try to close them by supplementing additional sources; for example, rather than subscribe to one vendor to understand the financial health of your global partners, consider using multiple vendors that specialise in concentrated regions or countries/ This can improve your coverage but realise there’s no panacea for getting around imperfect information,” said Lynn Torrel, Chief Procurement & Supply Chain Officer, Flex Ltd.
Tackling cyber security in the supply base is a key issue now facing procurement professionals
As we become more and more reliant on the flow of data between and across the supply network, keeping that data secure and our systems safe across those transfers becomes increasingly important and was an important topic for discussion throughout the day. Growing levels of connectivity between buyer and supplier organisations may mean that, if not properly secured, a vendor’s systems could represent a gateway into the buying organisation for a cybercrime. In fact, around one third of corporate IT breaches are through a third-party supplier, many of which are simply not always equipped to deal with these risks.
The access and transfer of commercially sensitive data across the supply network means that Procurement functions must actively manage cyber risk and be more stringent about their key supplier’s data security measures so as not to expose vulnerabilities for their organisations. Although procurement has historically delegated this responsibility to the IT department, the discussions today highlighted how the function must establish a proactive partnership with the CISO and their team to meaningfully mitigate cyber threats.
The CPO at Walgreens Boots Alliance, Jim Townsend, and Jim Cameli, Global Chief Information Security Officer shared three ways they’ve tackled this together:
- Enterprise-wide culture and mindset change through awareness and education across the network on the risks. Tackling cyber security needs the support of everyone to really make any headway – need to keep it front of mind for everyone across the business and supply base to remain vigilant.
- Cross-functional collaboration in co-creating policies, governance, processes, and reporting. For example co-developing the contract language ensures alignment and continuous improvement as the risks evolve.
- Using appropriate segmentation and tailoring the approach to the distinct needs of the supplier and their risk profile – “Your program will fail if you treat everyone the same, its financially unviable and creates unnecessary work and anxiety, be thoughtful about the segmentation and where you focus your efforts.”
The resounding message of the day has been around the importance of partnership and collaboration to really tackle this important risk. Natalia Oropeza, Chief Cybersecurity Officer at Siemens summarised it nicely in her final point: “You don’t need to do this alone and you have to be as quick as possible because the hackers are quick, so what we all need to do is cooperate and co-create to get help from each other in this regard. If we are all secure, we all gain as individuals in the digital ecosystem.”