Paving a sustainable way forward
Whether working in a purely commercial environment, a not-for-profit organisation or a government or civil services department, risk is an ever-present element of your day-to-day, month-to-month, and year-on-year activities. Part of managing risk is recognising the upside of reasonable risks, working to eliminate unreasonable risks and identifying the right path forward that leverages the benefits of acceptable risk. In this industry trends article, we identify the types of risks that may be present in your commercial or organisational ecosystem and what managing them from a procurement perspective might entail.
Looking back over our catalogue of industry trends articles, this topic has never been far from our attention. There is good reason for that – as previously discussed, risk management is well within the purview of forward-thinking and growth-driven procurement and supply chain departments. In fact, an active role in third-party risk management, on both strategic and operational fronts, is probably one of the pillars of an effective procurement function.
Managing risk is a complicated and involved proposition made more so by the need to identify and understand both the nature and number of risks faced by your organisation and your clients.
Risk wears many hats therefore your department will have to do likewise
The risks that your organisation or business may face are as varied as the products, supply chains, and environments in which you operate. In very general terms, you may be faced with risks that fall into the following broad categories:
- Operational – Speaks for itself really but also speaks to the inherent risks around managing resources, capital and processes in pursuit of best practice and therefore sustainable income/profit.
- Financial – The need to manage this type of risk is a counterbalance to strategic aspirations and blue-sky thinking. It also takes into account operational activities as every facet affects the financial position. In fact, the effective management of every other type of risk will affect this category – especially procurement.
- Compliance – Legislative strictures have been put in place to ensure compliance with guidelines governing elements as broad and disparate as environmental measures, negotiating situations involving tariffs when dealing with international markets, and of course measures to help eliminate and safeguard against the scourge of modern slavery.
- Cybersecurity – Again, much has been written about this topic, and with good reason. The rate of escalation in terms of type, reach, and impact of cybercrime is simply staggering. Literally billions of dollars per annum are lost, in terms of damage to reputation, lost income and compromised ability to operate effectively, to the interference of cyber-criminals the world over. Procurement must play a significant hand in keeping data security front of mind to preserve integrity, process and reputation.
There are other risks involved in establishing, maintaining and growing a business or organisation in today’s world of commerce and delivery of goods and services. For the sake of simplicity we can call the aforementioned risks the big four. Ignore any one of these and the organisational/commercial walls will quickly come crashing down in today’s world. Depending on the size of your business it may not be possible to effectively and optimally manage all risks using internal resources. But whether you choose to spread the management responsibility across internal resources and external consultants, or go all-in externally or internally, there are three areas of best practice that should be adopted as soon as possible and evaluated, interrogated and maintained as part of business as usual.
Strive for best practice in these 3 areas to help actively manage third-party risk
Simplification or streamlining of any process oftentimes makes it exponentially more effective. This is also true of third-party risk management particularly from a procurement standpoint. So, while there are many aspects of risk management to understand and action, there are three buckets that we can focus on:
- Assessment – The first step here is obviously to understand both the business/organisational goals and the operational considerations to be taken into account. This is one area wherein you simply cannot have too many details. The big tip here is to complete a deep dive into every aspect of operation that matters and then to go deeper. Details, details, details – gather them all together as you would when approaching a 10,000-piece jigsaw puzzle and find the corners, i.e. the pieces that really matter. This is the basis of an effective risk assessment. Happily, as mentioned in previous industry trends articles, AI is the ideal solution for quickly and effectively combing through oceans of data points.
- Risk mitigation – with known quantities now apparent, mitigation strategies can come into play. This is the critical area in which much of your resource should be funnelled. Once again you may choose to leverage the experience and expertise of companies and services that specialise in this nuanced area, or you may find these skills and experience within your own organisation. Either way it is critical that you commit fully to this vital area.
- Governance and reporting – This should never simply be a tick box exercise. Governance and reporting are critical to the sustainable and profitable, growth-focused operations of your business, organisation and/or enterprise. With a justifiably increased focus on ESG, the governance part of the acronym literally paves the path towards sustainability. This is how we can know that what we are striving to achieve is a) effective and b) getting done.
Bonus inclusion: looking back at five critical elements of risk management
Towards the beginning of this year, we released an industry trends article that focused on this evergreen topic of third-party risk management. This excerpt should be an enduring focus and will hopefully assist you in continuing along the path of sustainable growth and effectiveness within your area of operation. For your convenience we have included it below as a separate bonus section.
Critical risk management components
Over recent times, we’ve observed 5 approaches to the management of third-party risks by Procurement. While not quite “set in stone” trends, they illuminate options that can be applied to the circumstances and requirements of your organisation and therefore determine the role (and even the size and significance of the role) that your procurement department should have in managing third-party risks.
- Risk assessment (only) – this involves assessing and flagging potential risks around financial issues, cyber security, human rights.
- Compliance oversight (regulatory) – This means providing a framework for adherence to relevant laws and regulations by suppliers.
- Risk management hub – An active and central role in consolidating and managing data security, compliance, and sustainability, involving real-time monitoring and due diligence assessments through advanced and predictive analytics.
- Advisory (strategic) – Preceding and therefore guiding any remediation/mitigation activities, the emphasis here is on insights delivery and supply chain design.
- Digital optimisation – Focuses on streamlining processes, risk assessment and monitoring.
To be clear, the idea is not to pick one of these elements and run with it as a solitary third-party risk management strategy. It is necessary to address all 5, but where should the emphasis be placed? An interesting and useful exercise would be to assign a percentage of procurement’s resources to each of these five roles based on need/priority.
Procurement should helm the “third party risk management” ship
“The only constant is change.” That’s a phrase that has come up again and again throughout our series of Industry Trends articles – and with good reason. It is increasingly obvious that reputation, regulatory compliance, operational, and info/data security concerns continue to escalate and morph as supply chain expectations and demands, and therefore the risk landscape, constantly shift.
Surveying the procurement landscapes both nationally and abroad would suggest there is considerable merit in adopting the approach that places Procurement at the helm of your company’s third-party risk management ship.
Having taken inventory of your organisation’s risk profile and priorities, the “hub” approach (centralise everything for a ‘single source of truth’ scenario) may then prove to be the most practical in terms of balancing mission and risk management. Internal challenges to be overcome may include:
- Interdepartmental communication
- Data integrity
- Access to decision-makers/autonomy
- Cultural buy-in to the role and value of Procurement to the achievement of Company goals
Based on recent trends, this central hub approach may be the best way to weather the fickle but ever-strengthening winds of change across the commercial and regulatory environments.
