Future of Sourcing - Third Party Risk Management https://futureofsourcing.com/tags/third-party-risk-management en Building a Risk Management Strategy: Where to Start https://futureofsourcing.com/building-a-risk-management-strategy-where-to-start <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://futureofsourcing.com/sites/default/files/articles/Building%20a%20Risk%20Management%20Strategy.jpg"><a href="https://futureofsourcing.com/sites/default/files/articles/Building%20a%20Risk%20Management%20Strategy.jpg" title="Learn three considerations to keep in mind as you build your risk management strategy that stays ahead of the next big disruption." class="colorbox" rel="gallery-node-2184-LJNQREIsKlA"><img typeof="foaf:Image" src="https://futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/Building%20a%20Risk%20Management%20Strategy.jpg?itok=krMHYHv0" width="624" height="325" alt="Learn three considerations to keep in mind as you build your risk management strategy that stays ahead of the next big disruption." title="" /></a></div></div></div><div class="field field-name-field-intro field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"> <p><em>There are numerous factors to consider when thinking about risk management and where to start says Omer Abdullah, Co-Founder of The Smart Cube. He explores the three considerations to keep in mind as you build your risk management strategy that stays ahead of the next big disruption.</em></p> </div></div></div><div class="field field-name-field-related-news field-type-entityreference field-label-above"><div class="field-label">Related news:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/3-ways-to-empower-procurement-and-prepare-for-the-next-supply-chain-crisis">3 Ways to Empower Procurement and Prepare for the Next Supply Chain Crisis</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <p>Risk management isn&rsquo;t a new term or notion to the supply chain and procurement industry, yet it continues to be one of the least addressed priorities within organizations. KPMG recently shared a <a href="https://home.kpmg/xx/en/home/insights/2022/01/third-party-risk-management-outlook-2022.html">report</a> on fourth-party risk that notes roughly 80% of businesses say they need to urgently improve their assessment of fourth parties in their supply chain. While it&rsquo;s certainly a topic of conversation within the boardroom, preemptive action is imperative to building a resilient strategy.</p> <p>There are numerous factors to consider when thinking about risk management and where to start. We&rsquo;ll explore the three considerations to keep in mind as you build your risk management strategy.</p> <h1>1. It&rsquo;s Not a Matter of If, but When</h1> <p>While many businesses may have risk management in mind, they often don&rsquo;t have precautions in place. If the last two years have shown us anything, it&rsquo;s that risk and crises aren&rsquo;t a matter of if, but when. Between the pandemic, the <a href="https://futureofsourcing.com/procurement-gets-competitive-with-ai-technology">Great Resignation</a> and the ongoing conflict in Ukraine, risk factors continue to come from every angle. It&rsquo;s important to keep this in mind when building out budget and priorities on a quarterly basis.</p> <p>Leaders must also understand that the goal isn&rsquo;t to completely eliminate risk but to have a plan in place to monitor and mitigate ongoing risks. Risk factors will continue to live around us and nothing can diminish that fact. It is only with diligence, critical analysis and planning that we can manage these risks and achieve fluid, profitable movement of goods and services, minimize supply disruption and maximize business continuity.</p> <h2>2. Software Solutions are Not One Size Fits All</h2> <p>Purely manual risk management solutions are outdated and unrealistic with too much data to manage. At the same time, by definition, software solutions are a one-to-many solution. The reality is that every company and its supply chain is different. While software solutions can reduce the hours of manual research, a successful solution requires sifting through the insights to find the weaknesses.</p> <p>That&rsquo;s where the intersection of artificial intelligence plus human intervention (AI + HI) come into play. Advanced analytics, AI, and the availability of expertly curated datasets and insights help procurement and supply chain teams learn more than ever before about suppliers, <a href="https://futureofsourcing.com/is-it-time-to-add-ai-to-your-commodity-insights">market and commodity trends</a>, and emerging risk factors.</p> <p>Crucially, they&rsquo;ve helped procurement teams evolve from spending long periods of time analyzing historical information to enabling truly proactive procurement operations.</p> <h2>3. As the World Evolves, Your Risk Management Must Also Evolve</h2> <p>As mentioned, risk is constant in all aspects of modern business. It&rsquo;s constantly evolving and plays a role in every decision made at every level. So, it must be constantly managed and monitored too.</p> <p>After any major crisis event, teams will want to take a deep dive into available data, see the impact, and conduct a deep supply chain risk assessment to understand how they can better manage and mitigate risk.</p> <p>In addition, true risk management must be ingrained within your culture &ndash; something that&rsquo;s part of every business decision &ndash; not just looked at after the fact or at the end of every quarter. As such, supply risk management can&rsquo;t just be based on snapshot assessments, <a href="https://futureofsourcing.com/real-time-risk-intelligence-the-antidote-to-supply-chain-disruptions">it must be a proactive as well as a reactive effort</a>.</p> <p>The risk landscape is constantly shifting and only by weaving risk management into your day-to-day operations and decision-making processes can you hope to control and contain it.</p> <p>Every decision ultimately involves some level of risk but by having visibility into that risk and the potential impacts, you&rsquo;re already a step ahead within building a manageable risk management strategy.</p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/third-party-risk-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Third Party Risk Management</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/supplier-risk-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Supplier Risk Management</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/the-smart-cube" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">The Smart Cube</a></div></div></div><div class="field field-name-field-addthis field-type-addthis field-label-hidden"><div class="field-items"><div class="field-item even"><div class="addthis_toolbox addthis_default_style " addthis:title="Building a Risk Management Strategy: Where to Start - Future of Sourcing" addthis:url="https://futureofsourcing.com/building-a-risk-management-strategy-where-to-start"><a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_linkedin"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_facebook"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_twitter"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_googleplus"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_pinterest_share"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_reddit"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_email"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_print"></a> </div> </div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Wed, 01 Jun 2022 17:21:07 +0000 Omer Abdullah 2184 at https://futureofsourcing.com https://futureofsourcing.com/building-a-risk-management-strategy-where-to-start#comments How to Bounce Back from a Cyber-Attack https://futureofsourcing.com/how-to-bounce-back-from-a-cyber-attack <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://futureofsourcing.com/sites/default/files/articles/How%20to%20Bounce%20Back%20from%20a%20Cyber-Attack.jpg"><a href="https://futureofsourcing.com/sites/default/files/articles/How%20to%20Bounce%20Back%20from%20a%20Cyber-Attack.jpg" title="Get best practices for how to prevent and recover from a cyber-attack, and how to train executives and employees to protect company data." class="colorbox" rel="gallery-node-2145-LJNQREIsKlA"><img typeof="foaf:Image" src="https://futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/How%20to%20Bounce%20Back%20from%20a%20Cyber-Attack.jpg?itok=1n4MZvKA" width="624" height="325" alt="Get best practices for how to prevent and recover from a cyber-attack, and how to train executives and employees to protect company data." title="" /></a></div></div></div><div class="field field-name-field-intro field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"> <p><em>A few lines of code can take down an entire enterprise and cyber-attacks are growing in sophistication, says&nbsp;Salvador Padilla, Director of Information Security at DATAMARK and a former Information Systems Security Officer with the United States Navy. He shares his best practices for how to prevent and recover from a cyber-attack, and how to train executives and employees to protect company data.&nbsp;</em></p> </div></div></div><div class="field field-name-field-related-news field-type-entityreference field-label-above"><div class="field-label">Related news:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/third-party-and-supply-chain-risk-management-then-and-now">Third Party and Supply Chain Risk Management: Then and Now</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <p><span style="font-size: 1.385em; font-weight: bold;">A Changing Threat Landscape</span></p> <p>2021 set infamous records in terms of cyber-attack costs, as the damage of cyber-crime exceeded $6 trillion, according to <a href="https://cybersecurityventures.com/annual-cybercrime-report-2020/" target="_blank">Cyber Security Ventures</a>. This is a 50% increase from just six years ago and has become a grave issue for every cybersecurity team. With a cyber-attack occurring every 11 seconds (compared to every 40 seconds in 2016), the number of threats SOC teams will have to face has increased four-fold.</p> <p>Furthermore, ransomware attacks accounted for nearly $20 billion in damage in 2021, a whopping 57 times more than the cost of ransomware attacks in 2015 ($325 million).</p> <p>Most cyber-attacks are financially motivated, and ransomware continues to be a major threat. However, ransomware isn&rsquo;t the only type of attack companies are worried about since data corruption can stem from different attacks, including insiders and wiper-ware.</p> <p>It&rsquo;s only a matter of time before your organization is targeted as well, so it&rsquo;s imperative to be prepared.</p> <h2>User Awareness</h2> <p>Due to many attacks being caused by users allowing hackers to gain access, it&rsquo;s important to educate them on the risks and how to spot an attempt.</p> <p>Employees can unknowingly fall prey to a phishing attack with just one click, and this is the single most used method to gain access to a contact center. That one tiny click can shake your business&rsquo; foundation to the core. After all, the average cost of a single data breach in the U.S. in 2019 was <a href="https://securityintelligence.com/posts/whats-new-in-the-2019-cost-of-a-data-breach-report/" target="_blank">$3.92 million</a>. Furthermore, phishing attacks were accountable for 32% of those breaches, according to a <a href="https://enterprise.verizon.com/resources/reports/dbir/2019/summary-of-findings/" target="_blank">report</a> by Verizon.</p> <p>It&rsquo;s up to your company to educate your employees on how to identify malicious emails by implementing the following:</p> <h3>1. Conduct a Company-Wide Cybersecurity Training</h3> <p>Security-savvy employees are your primary defense against phishing attacks. Creating a mandatory <a href="https://sig.org/sig-university/certified-third-party-risk-management-professional-certification" target="_blank">company-wide security training</a> goes a long way in protecting your company&rsquo;s data. Implement this training into your onboarding procedure with regularly scheduled refresher courses to follow.</p> <p>Keep in mind that security education doesn&rsquo;t have to be boring or formal. Your program will be more effective if you find ways to engage your employees. If they perceive the exercise as a mandatory session that they need to &ldquo;get through,&rdquo; your lessons will fall on deaf ears.</p> <p>Training should cover best practices, but you shouldn&rsquo;t stop there. Ensure that your employees know what to do if they notice something suspicious and the steps to take to alert management of the issue.</p> <h3>2. Teach Employees How to Identify a Phishing Email (and Quiz Them)</h3> <p>The most critical element of protecting employees from phishing attacks is to teach them how to identify phishing emails quickly. Because hackers use real company logos and add small details to make their emails seem legitimate, red flags can be difficult to spot if you don&rsquo;t know what you&rsquo;re looking for.</p> <p>Add a quiz into your training to test your employees&rsquo; skills. Show example emails and ask them to identify if the email is authentic. This quiz is a great opportunity to add an engaging element to your security education. For example, make a game of it and recognize employees who answer correctly or participate with the most enthusiasm.</p> <h3>3. Show Real-Life Examples of Data Breaches Caused by Phishing</h3> <p>To help employees understand what you&rsquo;re up against, show real examples of companies that have suffered a data breach as a result of a phishing email. Your employees will learn the most powerful lessons through raw data: dollars lost, people affected, damage to the company and other tangible facts.</p> <p>It isn&rsquo;t that your employees don&rsquo;t care about the company&rsquo;s security; however, without seeing what could actually happen, they may feel as though this training is more of a formality than a necessity.</p> <h3>4. Use Trusted Antivirus Software and Ensure It&rsquo;s Routinely Updated</h3> <p>Mistakes happen. Even with excellent security training, an employee could accidentally fall for a phishing email. If that happens, you&rsquo;ll want a robust antivirus software installed on your devices.</p> <p>Remember that antivirus isn&rsquo;t a set-it-and-forget-it solution. Always ensure that your software is updated and running at its best. Your IT department or service provider should keep an eye on your antivirus for all your company&rsquo;s devices; however, consider that if some employees use their personal devices, your IT team will need to ensure those devices are protected as well.</p> <h3>5. Make Sure Executives are Involved in Your Security Initiative</h3> <p>A gap in many security programs often occurs with higher-level management. Though those are the teams that arrange for security training to take place, they are also often left out of the training. It&rsquo;s assumed that they don&rsquo;t need it or that they have more pressing issues to focus on.</p> <p>Executives without security training are extreme liabilities to any company. Because they have the highest level of access to confidential data, hackers will target higher-level employees specifically, which is known as a whaling attack. Everyone in the company &ndash; from the very top to the very bottom &ndash; should be included in security training.</p> <p>As phishing attacks become increasingly more sophisticated, it&rsquo;s vital that your employees know what they&rsquo;re up against. Through understanding the possible effects of a breach, employees will feel ownership over protecting the company&rsquo;s data from being exploited.</p> <h2>Methods to Prevent Future Attacks</h2> <h3>Ensure Endpoint Protection</h3> <p>Endpoint protection protects networks that are remotely bridged to devices. Mobile devices, tablets and laptops connected to corporate networks give access paths to security threats. These paths need to be protected with specific endpoint protection software.</p> <h3>Install a Firewall</h3> <p>There are so many different types of sophisticated data breaches, and new ones surface every day and even make comebacks. Putting your network behind a firewall is one of the most effective ways to defend yourself from any cyber-attack. A firewall system will block any brute force attacks made on your network and/or systems before it can do any damage.</p> <h3>Backup Your Data</h3> <p>In the event of a disaster (often a cyber-attack), you must have your data backed up to avoid serious downtime, loss of data, and serious financial loss.</p> <h3>Wi-Fi Security</h3> <p>Who doesn&rsquo;t have a Wi-Fi-enabled device in 2022? And that&rsquo;s exactly the danger; any device can get infected by connecting to a network; if this infected device then connects to your business network, your entire system is at serious risk.</p> <p>Securing your Wi-Fi networks is one of the easiest things you can do to secure your systems.</p> <h3>Employee Logins</h3> <p>Every employee needs their own login for every application and program. Several users connecting under the same credentials can put your business at severe risk. Having separate logins for each staff member will help you reduce the number of attack fronts and offer improved usability.</p> <h3>Access Management</h3> <p>One of the risks an organization faces is employees installing software on business-owned devices that could compromise your systems. Managed admin rights that block your staff from installing or even accessing certain data on your network are essential to your security.</p> <h3>Remote Workers</h3> <p>Many business leaders believe that the risk of a data breach is higher when employees work remotely, but the basics still apply. The recent lockdowns forced many to work from home, catching many companies by surprise and creating a feeding frenzy for hackers to exploit vulnerabilities.&nbsp;&nbsp;</p> <p>Employees aren&rsquo;t always able to recognize scams. Phishing scams, spoofing attacks, fake alerts, and the like can be so deceptive that even the biggest names fall for them. COVID-19 has only added fuel to this fire: On average, during the first half of 2020, <a href="https://www.bitdefender.com/files/News/CaseStudies/study/366/Bitdefender-Mid-Year-Threat-Landscape-Report-2020.pdf?clickid=21i1iaSWaxyOWqJwUx0Mo38JUkiV4TTEE0TQX00&amp;irgwc=1&amp;MPid=27795&amp;cid=aff%7Cc%7CIR" target="_blank">four out of 10 Coronavirus-themed emails were tagged as spam</a>, with fraudsters impersonating government, health, and financial institutions.</p> <p>To prevent your remote employees from unwittingly falling into a cybersecurity trap, it&rsquo;s imperative to implement the following:</p> <p>1.&nbsp;&nbsp;&nbsp; Establish and enforce a data security policy</p> <p>2.&nbsp;&nbsp;&nbsp; Equip your employees with the right tools and technology</p> <p>3.&nbsp;&nbsp;&nbsp; Frequently update your network security systems</p> <p>4.&nbsp;&nbsp;&nbsp; Regulate the use of personal devices</p> <p>5.&nbsp;&nbsp;&nbsp; Institute a &ldquo;Zero Trust&rdquo; approach</p> <p>6.&nbsp;&nbsp;&nbsp; Make sure all internet connections are secure</p> <p>7.&nbsp;&nbsp;&nbsp; Don&rsquo;t overload your VPN</p> <p>8.&nbsp;&nbsp;&nbsp; Utilize multi-factor authentication</p> <p>9.&nbsp;&nbsp;&nbsp; Monitor employees&rsquo; remote work practices</p> <p>10. Train your employees well and supply them with robust IT support</p> <h2>The Cybersecurity Roadmap</h2> <p>The recent rise in ransomware attacks and business-halting data breaches has made it clear that your organization must prioritize cybersecurity performance. But ad hoc security controls and defensive measures are not the answer. Instead, you need a strategic, risk-based approach with a cybersecurity road map as your guide.&nbsp;</p> <p>One of the reasons why threat actors are so successful is that they can exploit risk hidden in complex and expanding digital ecosystems. Because of this, the first step to creating a cybersecurity roadmap is to identify risk throughout your organization&rsquo;s digital portfolio. One way to do this is to continuously scan your organization&rsquo;s attack surface to gain a complete view of the vulnerable points. You can run a scan at any time to quickly visualize the location of your digital assets &ndash; including cloud instances and shadow IT &ndash; and the corresponding cyber risk associated with each.&nbsp;</p> <p>Next, you need to understand what security performance targets you should aim for and where you fall short. A helpful approach is to benchmark your security program against other organizations of similar size in your industry. This will allow you to make more informed decisions about where to focus your cybersecurity efforts.</p> <p>You can also share your benchmark assessment with executives and board members so they understand how your program aligns with industry standards. From here, they can develop improvement plans and allocate resources where they&rsquo;ll have the greatest impact.</p> <p>Third parties are an essential part of your business ecosystem, but they also introduce cyber risks of their own. Supply chain attacks are becoming increasingly common, and mitigating these risks must be factored into your cybersecurity roadmap.</p> <p>As discussed above, even if you resolve every vulnerability and secure every asset in your digital ecosystem, if a single employee clicks on a link in a phishing email or connects to the corporate network from a public Wi-Fi connection, your organization is at risk.</p> <p>To mitigate this risk, plan for frequent cybersecurity awareness training sessions. Set a regular cadence that is right for your employees. Start with a four- to six-month timeframe, then test your employees to gauge their recall and modify the training schedule accordingly. Topics to focus on include proper password management, Wi-Fi safety, the importance of patching, etc.</p> <p>With these valuable insights, you can better align your security program with business goals, prioritize security investments, measure success and continually improve.</p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/cybersecurity" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Cybersecurity</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/datamark" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">DATAMARK</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/third-party-risk-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Third Party Risk Management</a></div></div></div><div class="field field-name-field-addthis field-type-addthis field-label-hidden"><div class="field-items"><div class="field-item even"><div class="addthis_toolbox addthis_default_style " addthis:title="How to Bounce Back from a Cyber-Attack - Future of Sourcing" addthis:url="https://futureofsourcing.com/how-to-bounce-back-from-a-cyber-attack"><a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_linkedin"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_facebook"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_twitter"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_googleplus"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_pinterest_share"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_reddit"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_email"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_print"></a> </div> </div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Mon, 07 Mar 2022 02:00:00 +0000 Salvador Padilla 2145 at https://futureofsourcing.com https://futureofsourcing.com/how-to-bounce-back-from-a-cyber-attack#comments The Role of Procurement: From Chaos to Clarity https://futureofsourcing.com/the-role-of-procurement-from-chaos-to-clarity <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://futureofsourcing.com/sites/default/files/articles/The%20role%20of%20procurement_from%20chaos%20to%20clarity.jpg"><a href="https://futureofsourcing.com/sites/default/files/articles/The%20role%20of%20procurement_from%20chaos%20to%20clarity.jpg" title="Because no one knows suppliers as intimately as procurement, they have the unique ability make predictive connections between their suppliers and the risks they may pose to the enterprise." class="colorbox" rel="gallery-node-2124-LJNQREIsKlA"><img typeof="foaf:Image" src="https://futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/The%20role%20of%20procurement_from%20chaos%20to%20clarity.jpg?itok=lI3kNDfy" width="624" height="325" alt="Because no one knows suppliers as intimately as procurement, they have the unique ability make predictive connections between their suppliers and the risks they may pose to the enterprise." title="" /></a></div></div></div><div class="field field-name-field-intro field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"> <p><em>Because no one knows suppliers as intimately as procurement, they have the unique ability make predictive connections between their suppliers and the risks they may pose to the enterprise, says Hannah Tichansky,&nbsp;a Marketing Campaign Manager at Aravo Solutions. She highlights four heightened risk areas that procurement needs to monitor to be the champion of supplier relationships.&nbsp;</em></p> </div></div></div><div class="field field-name-field-related-news field-type-entityreference field-label-above"><div class="field-label">Related news:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/third-party-and-supply-chain-risk-management-then-and-now">Third Party and Supply Chain Risk Management: Then and Now</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <p>It&rsquo;s time to rethink the role procurement professionals hold in organizations, and this shift is critical to reducing organizational risk and boosting resilience. While the traditional approach to procurement centered on margin impact and the management of suppliers from an operational perspective, there is an evolution taking place that requires forward-thinking organizations to focus on the <a href="https://www.ey.com/en_gl/consulting/ten-trends-shaping-the-future-of-procurement" target="_blank">long-term strategy and impacts</a> the role of procurement is playing in today&#39;s world.</p> <h2>The Traditional Role of Procurement is Evolving</h2> <p>No longer can procurement professionals solely focus on cost savings. They must also be aware of risks introduced by key suppliers and armed with the appropriate tools and technology to proactively manage them before it&rsquo;s too late and the risks negatively affect the organization.</p> <p>Heightened risk areas that are leading this necessary shift in procurement&rsquo;s functions include:</p> <h3>1. Elevated Supply Chain Risks</h3> <p>Supplier risks that have emerged during the pandemic are (for obvious reasons) a critical component of new and elevated risks facing procurement professionals. Lack of awareness of supply chain risks has been exposed, and the perceived level of risk has continued to rise. According to Axios research, 75% of businesses reported a <a href="https://www.axios.com/coronavirus-supply-chains-china-46d82a0f-9f52-4229-840a-936822ddef41.html" target="_blank">supply chain disruption</a> related to the pandemic.</p> <h3>2. Hidden Risks</h3> <p>According to Deloitte&rsquo;s 2021 Chief Procurement Officer Survey, only 18% of CPOs had formal tracking processes in place to determine direct (tier 1) <a href="https://www2.deloitte.com/us/en/insights/topics/operations/chief-procurement-officer-cpo-survey.html" target="_blank">risks within their suppliers</a>, and only 15% were aware of risks further down their supplier base. In addition to the vendors that you have direct contracts with, it is also important to know your fourth parties and &ldquo;nth parties,&rdquo; who are your third parties&rsquo; subcontractors.</p> <h3>3. Isolated or Siloed Procurement Functions</h3> <p>Traditional procurement departments were de-centralized and focused on transactional, short-term initiatives. Organizations that still exemplify these silos face challenges when it comes to thinking holistically and managing risks from all angles. Driving collaboration and strategic initiatives between departments is a critical way to begin to eliminate these silos, while still managing a daily workload of financial responsibilities.</p> <p>According to Deloitte Insights, <a href="https://www2.deloitte.com/us/en/insights/topics/operations/chief-procurement-officer-cpo-survey.html" target="_blank">high-performing CPOs</a> spend 63% of their time on operational and transactional tasks, spending the rest of their time on more strategic, long-term work (most CPOs who are not as high-performing spend a higher amount of time (74%) on operational/transactional tasks).</p> <h3>4. A Multitude of Unorganized Data Points</h3> <p>Procurement professionals deal with a huge amount of data points related to personnel, financial, operational, regulatory, contracts and more. When this type of information is stored on different platforms, unorganized or incomplete, procurement cannot gain proper insight into potential risks facing their organization.</p> <h2>Transforming Chaos into Clarity</h2> <p>As the role of procurement has evolved, procurement professionals are moving from transactional managers to strategic relationship managers, focusing on developing and managing a wide variety of data points across all aspects of their supplier relationships. Just a few of these data points include personnel data, financial health, GDPR/CCPA, ABAC compliance, operational and reputational risks, virtual/on-site audits, performance and quality management, corrective action plans, banking and tax info, contracts, diversity classification and more.</p> <p>To understand the riskiness of suppliers and third parties, procurement professionals need to wade through all of this information with efficiency and ensure alignment with both company strategies and global regulatory mandates.</p> <p>In addition, it is imperative that procurement maintains healthy, collaborative internal relationships to ensure that organizational teams like IT, compliance, finance, sustainability and others are well informed, with real-time visibility to potential risks, and are able to sustain positive working relationships with suppliers.</p> <h2>Procurement Professionals: The Champions of Supplier Relationships</h2> <p>Maintaining healthy supplier relationships is not just about onboarding, it also must include managing risk, quality and performance of suppliers, assuring compliance where needed, while still managing the transactional responsibilities that are at the foundation of this role historically. This increased recognition into the vital position of procurement is seen across all industries, and <a href="https://www2.deloitte.com/us/en/insights/topics/operations/chief-procurement-officer-cpo-survey.html" target="_blank">according to Deloitte Insights</a>:</p> <p>&ldquo;CPOs are successfully navigating&hellip; complexities while delivering across a greater breadth of KPIs. Although there are still heavily focused on costs, they have expanded their value propositions to influence demand, drive innovation and work closely with strategic suppliers and partners to foster commercial compliance, increase speed to market, accelerate M&amp;A integration/divestiture programs and drive continuous improvement.&rdquo;</p> <p>The procurement team is the bridge between the enterprise and the extended enterprise: the organization and its suppliers. No one knows suppliers as intimately as procurement. They, like no other function, can make predictive connections between their suppliers and the risks they may pose to the enterprise.</p> <p>In addition to mitigating risk, procurement has the unique opportunity to drive innovation for the enterprise by partnering with suppliers to identify new products, materials, capabilities and offerings.</p> <p>To manage these responsibilities, drive efficiency and take a risk-based approach to procurement, this function needs to recognize its strategic value to the organization and step up to help manage the full lifecycle of their organization&rsquo;s supplier and third-party relationships.</p> <p>In today&rsquo;s age of elevated risk, procurement professionals need to take the chaos that these many different data points present, and transform them into clarity through a consistent, process-oriented approach to managing suppliers and third-party relationships.</p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/third-party-risk-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Third Party Risk Management</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/aravo" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Aravo</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/supplier-relationship-management-srm" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Supplier Relationship Management (SRM)</a></div></div></div><div class="field field-name-field-addthis field-type-addthis field-label-hidden"><div class="field-items"><div class="field-item even"><div class="addthis_toolbox addthis_default_style " addthis:title="The Role of Procurement: From Chaos to Clarity - Future of Sourcing" addthis:url="https://futureofsourcing.com/the-role-of-procurement-from-chaos-to-clarity"><a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_linkedin"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_facebook"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_twitter"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_googleplus"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_pinterest_share"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_reddit"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_email"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_print"></a> </div> </div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Wed, 16 Feb 2022 02:00:00 +0000 Hannah Tichansky 2124 at https://futureofsourcing.com https://futureofsourcing.com/the-role-of-procurement-from-chaos-to-clarity#comments The Three Pillars of Successful Supply Chain Risk Management https://futureofsourcing.com/the-three-pillars-of-successful-supply-chain-risk-management <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://futureofsourcing.com/sites/default/files/articles/The%20Three%20Pillars%20of%20Successful%20Supply%20Chain%20Risk%20Management.png"><a href="https://futureofsourcing.com/sites/default/files/articles/The%20Three%20Pillars%20of%20Successful%20Supply%20Chain%20Risk%20Management.png" title="The Three Pillars of Successful Supply Chain Risk Management" class="colorbox" rel="gallery-node-2043-LJNQREIsKlA"><img typeof="foaf:Image" src="https://futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/The%20Three%20Pillars%20of%20Successful%20Supply%20Chain%20Risk%20Management.png?itok=8nNZPMEN" width="624" height="325" alt="The Three Pillars of Successful Supply Chain Risk Management" title="" /></a></div></div></div><div class="field field-name-field-intro field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"> <h1>The Three Pillars of Successful Supply Chain Risk Management</h1> </div></div></div><div class="field field-name-field-related-news field-type-entityreference field-label-above"><div class="field-label">Related news:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/the-role-of-a-procurement-center-of-excellence">The Role of a Procurement Center of Excellence</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <p>Risk plays a role in every decision that is made by every business &ndash; and the supply chain is certainly no exception. Every supplier choice, contract negotiation and procurement transaction involves an unavoidable element of risk.</p> <p>But just because risk can never be fully eliminated, that doesn&rsquo;t mean it&rsquo;s ok to leave it up to chance. Effective supply chain risk management demands continuous attention, careful planning and thoughtful execution.</p> <p>It&rsquo;s built on three pillars &ndash; each of which plays a fundamental role in helping you mitigate the impacts of unforeseen crisis events, and maintain stable, resilient supply chain operations.</p> <h2>Pillar #1: Commitment</h2> <p>Supply chain risk management isn&rsquo;t a one-time exercise. Even when you&rsquo;re responding to a major supply crisis event like the COVID-19 pandemic, simple snapshots of conditions and operations offer limited value when it comes to mitigating risk and safeguarding the supply chain long term.</p> <p>Instead, it demands a constant commitment at all levels of the procurement organization. But it can&rsquo;t stop there. Ideally, ongoing risk management needs to be embraced by the wider enterprise too &ndash; gathering, interpreting and acting on signals from the multiple departments that touch, monitor or otherwise impact the supply chain.</p> <p>Embedding and upholding that enterprise-wide commitment to supply risk is a challenge for many organizations, and represents a significant cultural shift for most. You can&rsquo;t expect people to fundamentally change how they think overnight, but there are a few ways you can support and enable this shift, and give your team the best chance of adapting successfully.</p> <p>Largely, that enablement hinges on how well you manage, share and operationalize risk-related data. If you want your people to factor risk into their decision-making, you need to equip them with the insight to do that effectively. That means evaluating and applying signals at scale to give everyone a precise view of risk factors and their potential impact on performance.</p> <h2>Pillar #2: Rigor and Discipline</h2> <p>At all times &ndash; before, during and after a disaster or risk event &ndash; action is essential. But so is organizing that action in a thoughtful and structured manner. It&rsquo;s critical to ensure that the actions you take are the right ones, or your attempts to re-establish stability could see you descend further into supply chain chaos.</p> <p>To make the right decisions and take the right actions, you need access to reliable supply chain insights. Again, not just a snapshot of today, but a deep, relevant and accurate view of operations and conditions, maintained and evaluated on an ongoing basis.</p> <p>By applying rigor and discipline in how you collect, monitor and evaluate supply chain data you&rsquo;ll always have access to insights you can rely on. And when a crisis strikes, your team won&rsquo;t need to frantically pull together data to learn what&rsquo;s going on &ndash; accidentally introducing errors in the process. They&rsquo;ll already know, enabling you to act quickly and appropriately without missing a beat.</p> <h2>Pillar #3: A Probabilistic Mindset</h2> <p>Risk is one of the few reliable constants in business. Managing it is never a question of whether risk is present, but how much risk there is. And when it comes to disruptive crisis events, it&rsquo;s not <em>if</em> one may happen, but <em>when</em>, and how much it will impact your operations.</p> <p>Leaders and teams managing supply chain risk need to factor that into their mindset. No decision will ever be truly risk-free. Your job is not to eliminate risk, but to understand its potential impacts and make decisions that minimize it wherever possible.</p> <p>In a 1999 speech at the University of Pennsylvania, former United States Secretary of the Treasury Robert Rubin summed this approach up succinctly as he distilled his four principles for decision making:</p> <p>&ldquo;First, the only certainty is that there is no certainty. Second, every decision, as a consequence, is a matter of weighing probabilities. Third, despite uncertainty, we must decide and we must act. And lastly, we need to judge decisions not only on the results, but on how they were made.&rdquo;</p> <p>Managing a global, complex procurement function requires this same weighted and disciplined approach, a concerted effort to minimise the impact when &ndash; not if &ndash; disaster strikes.</p> <p>Risk abounds all around us and nothing can diminish that fact. It is only with diligence, critical analysis and planning that we can manage these risks and achieve fluid, profitable movement of goods and services, minimised supply disruption and maximized business continuity.</p> <h2>Take a Deep Dive into the Fundamentals of Supply Chain Risk</h2> <p>Want to learn more about the fundamentals of supply chain risk management and prepare your team for the next big supply chain crisis? Get your copy of <a href="https://www.riskandyoursupplychain.com/" target="_blank"><em>Risk and the Supply Chain: Preparing for the Next Global Crisis</em></a> today and discover expert insights from The Smart Cube&rsquo;s Omer Abdullah and Subash Chandar.</p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/third-party-risk-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Third Party Risk Management</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/risk-mitigation" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Risk Mitigation</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/the-smart-cube" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">The Smart Cube</a></div></div></div><div class="field field-name-field-addthis field-type-addthis field-label-hidden"><div class="field-items"><div class="field-item even"><div class="addthis_toolbox addthis_default_style " addthis:title="The Three Pillars of Successful Supply Chain Risk Management - Future of Sourcing" addthis:url="https://futureofsourcing.com/the-three-pillars-of-successful-supply-chain-risk-management"><a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_linkedin"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_facebook"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_twitter"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_googleplus"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_pinterest_share"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_reddit"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_email"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_print"></a> </div> </div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Wed, 25 Aug 2021 02:00:00 +0000 Omer Abdullah 2043 at https://futureofsourcing.com https://futureofsourcing.com/the-three-pillars-of-successful-supply-chain-risk-management#comments Third Party and Supply Chain Risk Management: Then and Now https://futureofsourcing.com/third-party-and-supply-chain-risk-management-then-and-now <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://futureofsourcing.com/sites/default/files/articles/Copy%20of%20FoS%20Header%20Images%20%2846%29.png"><a href="https://futureofsourcing.com/sites/default/files/articles/Copy%20of%20FoS%20Header%20Images%20%2846%29.png" title="Third Party and Supply Chain Risk Management" class="colorbox" rel="gallery-node-1767-LJNQREIsKlA"><img typeof="foaf:Image" src="https://futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/Copy%20of%20FoS%20Header%20Images%20%2846%29.png?itok=Y_L1p-IK" width="624" height="325" alt="Third Party and Supply Chain Risk Management" title="" /></a></div></div></div><div class="field field-name-field-related-news field-type-entityreference field-label-above"><div class="field-label">Related news:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/right-sizing-your-third-party-risk-management-program">Right-Sizing Your Third-Party Risk Management Program</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <p>The worldwide crisis made us hyper-aware that trust-worthy relationships are vital. Effective <a href="https://sig.org/sig-university/certified-third-party-risk-management-professional-certification" target="_blank">third-party risk management</a> is the best way to gain assurance that responses and decisions are risk-informed. Managing third-party relationships, calibrated for criticality and risks, has never been more critical. This is the most reliable path to strengthen business resilience, protect stakeholders and the bottom line.</p> <p>Before the pandemic, supply chain risk management was talked about but not treated like the professional discipline it is. And the broader scope of third-party risk management was often thought of as either a &ldquo;check-the-box&rdquo; compliance exercise or something imposed on your business by someone in headquarters.</p> <h1>Did third-party risk management capabilities just catch fire?</h1> <p>The term supply chain typically refers to physical goods, either input materials or distribution of input materials and finished goods. The term &ldquo;third-party&rdquo; blankets every relationship in a firm&rsquo;s extended enterprise, excluding their customer relationships. Third parties are part of supply chains, but every company has far more third-party relationships than supply chain relationships.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</p> <p>Third parties are vendors, suppliers, service providers, outsourcers, resellers, agents, channel, brand and joint venture partners, market utilities such as SWIFT and intermediaries such as credit card processors, utilities, charities, subscription services, contractors, affiliates, rating agencies, government agencies, trade associations. And the list goes on, according to the products or services you offer, and the industry sector and markets you&rsquo;re in.</p> <p>You may be asking, &ldquo;why does the distinction between third party and supply chain risk matter?&quot; By broadening your thinking and scope of risk management activities, you can address supply chain risk and all third-party relationships.</p> <p>For example, with the ongoing pandemic, firms in every part of the world are dealing with exponential levels of third-party risk, including but not limited to supply chain risk. Just-in-time delivery practices mean that raw materials, parts and cleaning supplies are not readily available. And gone is predictability for the physical movement of goods.</p> <p>Beyond supply chain risk, most firms find themselves wrestling third-party risks like cybersecurity and denial of service attacks that impair the third parties&rsquo; ability to perform. Standard third party physical security risk controls flew out the window when third-party employees transitioned to working from home.</p> <p>Revenues fell to historic lows for many companies and their critical third parties when the world came to a halt, causing great uncertainty about their mid- to long-term financial health. This affects their ability to retain top talent, invest in technologies, processes and research. Business resilience, business continuity, pandemic planning and contingency plans for companies and their third and fourth parties immediately transitioned from status as an academic exercise to reality.</p> <p>Companies with strong third-party risk management practices have a better chance of surviving and thriving.</p> <h1>Lifecycle Management Model Versus Governance Framework</h1> <p>If third-party risk management were a two-sided coin, one side would have a Lifecycle Management model on it and the other would have a Governance Framework.</p> <p>A Lifecycle Management Model, sometimes called a &ldquo;Target Operating Model,&rdquo; is a visualization of the steps, repeatable processes and reusable tools that companies build to identify, assess, manage and monitor critical third parties throughout the lifetime of relationships, calibrated for criticality and the quality and quantity of risk.</p> <p><img alt="Lifecycle Management Framework" src="https://futureofsourcing.com/sites/default/files/Lifecycle-Framework.JPG" style="width: 960px; height: 540px;" /></p> <p>The Governance Framework depicts the methodologies, controls, and reporting that delivers risk insight and enables risk-informed decisions and alignment between the amount and type of third-party risk the company is willing to accept and its risk appetite.</p> <p><img alt="Governance Framework" src="https://futureofsourcing.com/sites/default/files/Governance-Framework.JPG" style="width: 960px; height: 540px;" /></p> <p>Third-party risk management is a complex discipline that crosses the company vertically and horizontally. It&rsquo;s a team sport, touching every part of every company&rsquo;s operations. Whether you&rsquo;re in a customer-facing segment or behind the scenes, a strong working knowledge of effective third-party risk management is a valuable asset.</p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/third-party-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Third Party Management</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/third-party-risk-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Third Party Risk Management</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/supply-chain" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Supply Chain</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/vendor-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Vendor Management</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/supplier-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Supplier Management</a></div></div></div><div class="field field-name-field-addthis field-type-addthis field-label-hidden"><div class="field-items"><div class="field-item even"><div class="addthis_toolbox addthis_default_style " addthis:title="Third Party and Supply Chain Risk Management: Then and Now - Future of Sourcing" addthis:url="https://futureofsourcing.com/third-party-and-supply-chain-risk-management-then-and-now"><a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_linkedin"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_facebook"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_twitter"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_googleplus"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_pinterest_share"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_reddit"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_email"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_print"></a> </div> </div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Wed, 12 May 2021 02:00:00 +0000 Linda Tuck Chapman 1767 at https://futureofsourcing.com https://futureofsourcing.com/third-party-and-supply-chain-risk-management-then-and-now#comments Three Tips for Dealing with Pandemic-Driven Risk https://futureofsourcing.com/three-tips-for-dealing-with-pandemic-driven-risk <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://futureofsourcing.com/sites/default/files/articles/Copy%20of%20FoS%20Header%20Images%20%2850%29.png"><a href="https://futureofsourcing.com/sites/default/files/articles/Copy%20of%20FoS%20Header%20Images%20%2850%29.png" title="Three Tips for Dealing with Pandemic-Driven Risk" class="colorbox" rel="gallery-node-1779-LJNQREIsKlA"><img typeof="foaf:Image" src="https://futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/Copy%20of%20FoS%20Header%20Images%20%2850%29.png?itok=cwS0iCQ2" width="624" height="325" alt="" title="" /></a></div></div></div><div class="field field-name-field-related-news field-type-entityreference field-label-above"><div class="field-label">Related news:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/third-party-and-supply-chain-risk-management-then-and-now">Third Party and Supply Chain Risk Management: Then and Now</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <p>A new survey by Gartner shows only <a href="https://www.helpnetsecurity.com/2020/03/12/coronavirus-risk-management/" target="_blank">12% of organizations</a> felt prepared for the impact of the coronavirus outbreak in March. And while 26% of those surveyed believe the coronavirus will have little or no impact on their business, just 2% of companies believe they can continue business as usual.</p> <p>The macroeconomic numbers are just as sobering. Manufacturing <a href="https://www.washingtonpost.com/business/economy/us-manufacturing-posts-biggest-decline-since-demobilization-after-world-war-ii/2020/04/15/edee6bda-7f2b-11ea-8013-1b6da0e4a2b7_story.html" target="_blank">output dropped 6.3%</a> last month &ndash; the biggest decline since World War II. Oil prices are at a <a href="https://www.bbc.com/news/business-51706225" target="_blank">21-year low</a>. And the number of people in the U.S. filing for unemployment <a href="https://www.nytimes.com/2020/04/30/business/stock-market-today-coronavirus.html" target="_blank">hit a record high</a> of over 30 million as of April 30.</p> <p>The severity and pace of this pandemic caught many business leaders off guard. Amid this chaos, how can organizations respond today and prepare for future risk events?</p> <h1>Build a foundation for business stability in uncertain times.</h1> <p>Today&rsquo;s global health and economic crisis highlights the need for agile, data-driven operations that enable fast and informed risk mitigation decisions. Here are three steps business leaders can take now to navigate uncertainty and bolster resiliency.</p> <ol> <li><strong>Mobilize key stakeholders with quick access to risk data.</strong></li> </ol> <p>Every second counts during catastrophic risk events, and each function needs to be ready to act fast to mitigate the impact. Time spent tracking down information and creating a response plan (that could have been developed pre-crisis) is time wasted. Unfortunately, this is the reality many organizations are currently facing.</p> <p>Proactive enterprise risk planning, data centralization and visualization are essential for quick movers. All risk-related information needs to be in a single, shareable, accessible location. Leverage technology to connect risks, correlate their relationships and paint a clear picture of risk exposure. Armed with that information, risk leaders position themselves to immediately identify vulnerabilities, project the risk impact of different scenarios, and respond to any crisis. If a key supplier is based in a highly affected region, for example, you can instantly see how a disruption with that partner &ndash; whether a supply issue, delayed lead time, or liquidity problem -- would impact your ability to deliver for your own customers, and you can act accordingly.</p> <ol> <li value="2"><strong>Understand supplier and third-party risk exposure</strong>.</li> </ol> <p>Which suppliers are operating in global hotspots? What is the impact on strategic suppliers? Which operate in highly impacted industries &ndash; travel, hospitality, healthcare, foodservice &ndash; and how are they specifically affected?</p> <p>The landscape has changed dramatically, so take the time to assess -- and regularly re-assess -- third parties. Ask all partners to complete detailed, pandemic-specific assessments that account for the full spectrum of risk &ndash; such as security, employee health and safety, and financial distress. Your business depends on having a clear understanding of the current status of your critical third-party suppliers, their mitigating actions and your own exposure.</p> <ol> <li value="3"><strong>Collaborate with HR to fortify success and workforce planning.</strong></li> </ol> <p>What happens if the CEO, CRO, or other members of the executive team contract the virus and are too sick to work? &nbsp;Proactively work with HR to identify potential replacements several levels down the corporate ladder, so if key employees fall ill, colleagues can quickly step into those roles to offer stability.</p> <p>Many organizations also are making difficult decisions about layoffs, furloughs, and other headcount changes to reduce costs. As with all risk-related decisions, consider the big picture. Letting go of too many (or too few) staff could have far-reaching consequences on growth, quality of service and more. Hanging onto critical talent will help the business rebound faster when conditions improve. &nbsp;</p> <h1>Prepare Now for the Next Crisis</h1> <p>The coronavirus pandemic and the resulting disruption has been unlike anything we&rsquo;ve ever seen. That said, the principles for response remain the same as for any crisis: Know where your vulnerabilities are, leverage data to make calculated decisions and be agile in your response.</p> <p>We will come out on the other end of this crisis. But there will be others. If we can learn from our experiences, we&rsquo;ll be better prepared to respond faster and more intelligently when the next crisis happens.&nbsp;&nbsp;</p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/riskonnect" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Riskonnect</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/human-resources" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Human Resources</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/third-party-risk-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Third Party Risk Management</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/risk-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Risk Management</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/covid-19" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">COVID-19</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/data-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Data Management</a></div></div></div><div class="field field-name-field-addthis field-type-addthis field-label-hidden"><div class="field-items"><div class="field-item even"><div class="addthis_toolbox addthis_default_style " addthis:title="Three Tips for Dealing with Pandemic-Driven Risk - Future of Sourcing" addthis:url="https://futureofsourcing.com/three-tips-for-dealing-with-pandemic-driven-risk"><a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_linkedin"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_facebook"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_twitter"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_googleplus"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_pinterest_share"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_reddit"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_email"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_print"></a> </div> </div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Wed, 27 May 2020 20:44:31 +0000 Jim Wetekamp 1779 at https://futureofsourcing.com https://futureofsourcing.com/three-tips-for-dealing-with-pandemic-driven-risk#comments Why “Paper Compliance” is Not Good Enough in a Post-COVID-19 World https://futureofsourcing.com/why-paper-compliance-is-not-good-enough-in-a-post-covid-19-world <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://futureofsourcing.com/sites/default/files/articles/Copy%20of%20FoS%20Header%20Images%20%2847%29.png"><a href="https://futureofsourcing.com/sites/default/files/articles/Copy%20of%20FoS%20Header%20Images%20%2847%29.png" title="risk and compliance post-covid-19" class="colorbox" rel="gallery-node-1776-LJNQREIsKlA"><img typeof="foaf:Image" src="https://futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/Copy%20of%20FoS%20Header%20Images%20%2847%29.png?itok=zKQG0rwc" width="624" height="325" alt="risk and compliance post-covid-19" title="" /></a></div></div></div><div class="field field-name-field-related-news field-type-entityreference field-label-above"><div class="field-label">Related news:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/covid-19-and-trade-regulations">COVID-19 AND TRADE REGULATIONS</a></div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <p>An unlikely health and safety pandemic has thrown the world into a tailspin. Regulatory changes related to COVID-19 are already touching all facets of the industry. They are likely to continue to evolve at a brisk pace, making it difficult for some employers to keep up. Although it would have been impossible for any company to be fully prepared for such low probability, the companies that put health and safety at the forefront of their efforts have found themselves in a much better position to respond. Companies that came into this crisis already behind the curve are struggling to keep up and will ultimately need to reprioritize health, safety, and business continuity plans moving forward.</p> <h1>Compliance for Compliance&rsquo;s Sake</h1> <p>The COVID-19 crisis has opened an entirely new chapter in risk management, one that has tested the strength of many companies&rsquo; resiliency and their ability to model a new kind of risk management plan. It&rsquo;s unlikely that very many businesses had emergency response plans that envisioned this type of massive-scale infectious virus.</p> <p>Every organization has some level of business continuity planning and compliance around known and probable risks &ndash; including natural disasters, local emergencies, shutdowns, security breaches, and fires. Some businesses may have included a limited number of actions around pandemics, especially if their operations were impacted in such previous outbreaks, such as SARS in 2014. But many of these plans were only routine &ldquo;check-the-box&rdquo; efforts, where compliance with the checklist was the main goal. When the unprecedented upheaval of COVID-19 hit, organizations everywhere had the same questions:</p> <ul> <li>What should we do?</li> <li>What can we do?</li> <li>What can&rsquo;t we do?</li> <li>What is legal, what is not?</li> <li>What aren&rsquo;t we thinking of?</li> </ul> <p>Unfortunately, perfunctory risk plans left many of those questions unanswered. Without robust and genuine programs around known and probable risks, some organizations found themselves largely unprepared for this historic event. Without a strong core of risk, health, and safety response programs, many companies were unsure of how to approach COVID-19. In the early going, this paralysis proved costly.</p> <p>Now, these companies must scramble to answer more pointed questions in order to move forward effectively:</p> <ul> <li>If worker safety wasn&rsquo;t already a priority, how will you quickly move to address new health risks?&nbsp;</li> <li>If you didn&rsquo;t already have a strong framework to assess and address risk, how are you going to prioritize resources?</li> <li>If your Environment, Health, and Safety (EH&amp;S) program is in its own silo, how are you going to quickly address new labor laws, new life safety requirements, new EPA regulations, new CDC recommendations, and new facility layout and occupancy guidelines?</li> <li>How will you wind down facilities to operate with skeleton crews if there is not already an established and rehearsed process?</li> <li>If your EH&amp;S or emergency action plans were not strong, how will you layer in new infection control requirements?</li> </ul> <p>For a company with a weak foundation, it will be extremely difficult to scale up and manage this incredible new risk and implement associated regulations. If there will be a silver lining from COVID-19, it could be the end of compliance for compliance&rsquo;s sake, in favor of moving toward an enterprise-wide risk management approach across businesses.</p> <h1>Health and Safety as Foundational to Company Culture</h1> <p>Ask any CEO or senior leader to cite their key priorities, and you will get a wide range of responses. The logistics leaders who were best prepared for COVID-19 place health and safety near the top of their list and did so before the pandemic crisis. Key leaders in these companies set a very clear philosophical or ideological tone that health and safety are foundational to the business. They intentionally align workforce health and safety goals with customer and financial goals across the enterprise.</p> <p>These companies don&rsquo;t just comply with requirements &ndash; their focus is on the intent behind those requirements. These health-and-safety-focused organizations have very clear and effective procedures that are constantly improved, funded, and resourced with transparency around performance. Ultimately this cultivates a strong health and safety mindset at the core of its operations&mdash;its employees.&nbsp;</p> <p>There is nothing perfunctory about the health, safety, and continuity plans of a business where health and safety is a top organizational priority. Certain companies came into the crisis with well-developed programs that could be modified to layer in quickly evolving requirements to protect employees, customers, and critical supply chains. Their business continuity plans were not sitting in a drawer with outdated phone numbers and addresses; they were living documents, developed and driven through cross-functional teams with representation from operations, facilities, human resources, risk management, quality, and finance or procurement to ensure balance and buy-in. Successful companies also anticipated how risks and plans impacted customers and critical supply chains and had the ability to address an emerging risk like COVID-19 quickly.</p> <p>Trish St. John, VP of Safety and Quality Assurance at Suddath&reg;, said her team has been working since the start of the pandemic to implement changes quickly and efficiently. However, there are still a lot of unknown variables.</p> <p>&ldquo;We don&rsquo;t have all the facts, there&rsquo;s still a lot unknown, but leaders and health and safety professionals should be making the best informed decisions with what we do know using data, predictive analytics and a myriad of policy and regulatory changes to make quick decisions focused on mitigating risk,&rdquo; St. John said. &ldquo;Because Suddath had such a robust safety and quality program prior to this, it&rsquo;s been easier to meet new regulatory and customer requirements to make sure we do our part to enable them to operate effectively through the pandemic.&rdquo;&nbsp;</p> <p>Prepared organizations not only developed comprehensive plans, but they maintained coordinated plans that were site-specific with rigor around training and rehearsal. These companies were also in a better position to envision the steps needed to solve new challenges rather than starting from scratch. With a mature good hygiene practices (GHP) program, hand hygiene, wellness, and sanitation guidelines can be broadened to other locations. If a company has a sophisticated life safety program, employees can better adapt to new egress and occupancy rules. If a company&rsquo;s EPA and hazardous waste programs are up to date, it will be easier to keep pace with changing regulations. The companies that embrace health and safety within their core philosophies are in a much better position to weather the storm and use any crisis to ultimately strengthen their business model.</p> <h1>Triple-Bottom-Line Thinking in Third-Party Logistics</h1> <p>Companies and society have broadened our definition of the bottom line. Making money remains the objective of any commercial operation, but the impact we make on our employees, our communities, and our environment is critical to holistic success. Leading third-party logistics companies did not need a health pandemic to refocus on employee safety &ndash; they were already doing the right things to protect worker safety, an approach that can readily be adapted to mitigate new risks.</p> <p>&nbsp;</p> <table border="1" cellpadding="0" cellspacing="0"> <tbody> <tr> <td style="width:312px;"> <p><strong>Perfunctory Plans</strong></p> </td> <td style="width:312px;"> <p><strong>Genuine Plans</strong></p> </td> </tr> <tr> <td style="width:312px;"> <p>Generic</p> </td> <td style="width:312px;"> <p>Focus on the intent of the requirement</p> </td> </tr> <tr> <td style="width:312px;"> <p>Focus on meeting a requirement</p> </td> <td style="width:312px;"> <p>Ask what we<em> should</em> do</p> </td> </tr> <tr> <td style="width:312px;"> <p>Ask what <em>must </em>we do</p> </td> <td style="width:312px;"> <p>Adaptable, continually improving - the goal is continuous improvement&nbsp;&nbsp;</p> </td> </tr> <tr> <td style="width:312px;"> <p>On a shelf or in a drawer</p> </td> <td style="width:312px;"> <p>Site, region or customer-specific</p> </td> </tr> <tr> <td style="width:312px;"> <p>One size fits all</p> </td> <td style="width:312px;"> <p>Easy to layer in new requirements</p> </td> </tr> <tr> <td style="width:312px;"> <p>Difficult to adapt to a changing environment</p> </td> <td style="width:312px;"> <p>Developed by cross-functional teams</p> </td> </tr> <tr> <td style="width:312px;"> <p>Developed without structured collaboration</p> </td> <td style="width:312px;"> <p>Specific response teams</p> </td> </tr> <tr> <td style="width:312px;"> <p>Undefined response teams</p> </td> <td style="width:312px;"> <p>Customized to your business, anticipating customer impact</p> </td> </tr> <tr> <td style="width:312px;"> <p>&nbsp;</p> </td> <td style="width:312px;"> <p>Ready for use now</p> </td> </tr> </tbody> </table> <p>&nbsp;</p> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/covid-19" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">COVID-19</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/risk-management-and-compliance-grc" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Risk Management and Compliance (GRC)</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/risk-prevention" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Risk Prevention</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/business-continuity-plan" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">business continuity plan</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/third-party-risk-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Third Party Risk Management</a></div></div></div><div class="field field-name-field-addthis field-type-addthis field-label-hidden"><div class="field-items"><div class="field-item even"><div class="addthis_toolbox addthis_default_style " addthis:title="Why &amp;ldquo;Paper Compliance&amp;rdquo; is Not Good Enough in a Post-COVID-19 World - Future of Sourcing" addthis:url="https://futureofsourcing.com/why-paper-compliance-is-not-good-enough-in-a-post-covid-19-world"><a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_linkedin"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_facebook"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_twitter"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_googleplus"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_pinterest_share"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_reddit"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_email"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_print"></a> </div> </div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Wed, 27 May 2020 14:11:28 +0000 Mark Scullion 1776 at https://futureofsourcing.com https://futureofsourcing.com/why-paper-compliance-is-not-good-enough-in-a-post-covid-19-world#comments Innovations in Governance & Compliance: E*TRADE Financial Corporation https://futureofsourcing.com/innovations-in-governance-compliance-etrade-financial-corporation <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://futureofsourcing.com/sites/default/files/articles/FOS%20Header%20Image_Innovations%20in%20Governance%20and%20Compliance_3.png"><a href="https://futureofsourcing.com/sites/default/files/articles/FOS%20Header%20Image_Innovations%20in%20Governance%20and%20Compliance_3.png" title="Innovations in Governance &amp; Compliance: E*TRADE Financial Corporation" class="colorbox" rel="gallery-node-1614-LJNQREIsKlA"><img typeof="foaf:Image" src="https://futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/FOS%20Header%20Image_Innovations%20in%20Governance%20and%20Compliance_3.png?itok=887sj0Zh" width="624" height="325" alt="Innovations in Governance &amp; Compliance: E*TRADE Financial Corporation" title="" /></a></div></div></div><div class="field field-name-field-intro field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"> <p>This October, the&nbsp;<a href="https://futureofsourcingawards.com/?__hstc=215510152.344406f4865c40604cf6029be7e958e0.1543422516683.1570835886974.1570842947555.661&amp;__hssc=215510152.2.1570842947555&amp;__hsfp=847670889" target="_blank">Future of Sourcing Awards</a>&nbsp;will celebrate organizations and individuals that have shown innovation, leadership and transformation in categories that are critical to the sourcing industry. Interviews with the finalists provide helpful insight about their projects, the problem they sought to solve and the impact to their organizations. Learn how E*TRADE Financial Corporation leveraged the workflow capabilities of SharePoint to capture approvals and move vendor on-boarding requests to the various groups across their organization.</p> </div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <div> <h3><em>Can you outline why your team embarked on this project and the problem that needed to be solved? </em></h3> </div> <div>Our Procurement team took over the process to identify vendor inherent risk from our Third Party Risk Management (TPRM) group. The process we acquired was driven by email and shared drive folders. We were receiving an average of 70 emails per week, and this manual, high volume process was ripe for human error. &nbsp;&nbsp;</div> <div>&nbsp;</div> <div>We decided to develop a digital intake solution, which would create single point of entry. The company had just rolled out SharePoint and we decided to leverage that platform to create the intake solution. We realized that we could also leverage the workflow capabilities of SharePoint to capture approvals and move vendor on-boarding requests to the various groups (e.g. Finance, Legal, AP) across our process. &nbsp;&nbsp;</div> <div>&nbsp;</div> <div>While the initial use case for the SharePoint solution was to manage the risk review process, other stakeholders quickly saw the value, and we designed and built out a robust digital workflow solution for their expanded use.&nbsp;</div> <div>&nbsp;</div> <div> <h3><em>How do you plan to ensure that the new model remains relevant and adapts to the future needs of the market?</em></h3> </div> <div>Initially, the Procurement, Contracting and TPRM processes were managed through email, and folders on enterprise shared drives. &nbsp;Individuals would develop their own ad-hoc Excel based trackers to keep track of the very manual process steps. &nbsp;We were also required to store multiple emails, documents and approvals as evidence for audit purposes. &nbsp;The manual nature of the process and heavy document retention requirements were inspiration to develop a solution that would automate many of the non-value add steps. &nbsp;</div> <div>&nbsp;</div> <div> <h3><em>What KPIs did you use to measure success for this project? (For example: performance, customer satisfaction, revenue, sales or relevant financial gains?)</em></h3> </div> <div>We measured success for the project using the following metrics:&nbsp;</div> <div>&nbsp;</div> <ul> <li>Improved efficiency: Time saving of ~5 hours of FTE time / week</li> <li>Reduction in email requests: Average reduction of 70 emails</li> <li>Strengthened controls through automation and digital tracking &ndash; the workflow solution enforced and tracked two approvals: <ul> <li>Business approval of the spend &nbsp;</li> <li>Finance approval of budgeted amount &nbsp; &nbsp;</li> </ul> </li> </ul> <div><strong>How you plan to ensure that the new model remains relevant and adapts to the future needs of the market?&nbsp;</strong></div> <div>We have a process to receive enhancement requests from our end users. &nbsp;Those requests are assessed by the benefit they will deliver and complexity to incorporate. &nbsp;We then prioritize accordingly. &nbsp;Once new functionality is built, we test the enhancements before rolling them out to the broader end user organization. &nbsp;This process has enabled us to deliver multiple enhancements since our initial roll-out. &nbsp;&nbsp;</div> <div>&nbsp;</div> <div> <h3><em>What advice do you have for those who may want to implement this innovative approach in their own organizations?</em></h3> </div> <div>While there are many off the shelf solutions available, for those with the appetite, we recommend considering the tools your organization may already have available, to develop a solution to meet your needs. &nbsp; By doing so, we were able to develop a custom, scalable solution in a short time frame. &nbsp;We did not have to rely on Technology resources for implementation, and we also have ownership to administer our own enhancements.&nbsp;</div> <div>&nbsp;</div> <div>We recommend taking a structured approach to development:&nbsp;<br />&nbsp;</div> <ol> <li>Conduct outreach to your stakeholder group to understand their pain points</li> <li>Clearly define the problem(s) you are trying to solve</li> <li>Document future state processes including any enhancements, automation, etc. your solution will deliver<br />Return to your stakeholder group to gain buy-in on the future state&nbsp;</li> <li>Build your solution</li> <li>Test your solution<br />Consider identifying a few end users to pilot the solution and provide you with feedback</li> <li>After refining accordingly, roll-out your solution with appropriate communication and support tools (FAQs, training material, job aids, etc.)</li> <li>Implement continuous improvement by continuing to invest in enhancements to the solution&nbsp;</li> </ol> <div>&nbsp;</div> <div> <h3><em>How did you get your company and/or stakeholders to get on board and support this project?</em></h3> </div> <div>We were able to garner support from our organization by articulating the value it would deliver to impacted stakeholders. &nbsp;For example, the solution minimized confusion for our business users by providing a single point of entry for vendor requests. &nbsp;For our Procurement organization, the solution provides visibility in a dashboard view of their workload. &nbsp;And for our Risk and Audit organizations, required approvals and documentation are trackable and accessible. &nbsp;&nbsp;</div> <div>&nbsp;</div> <div>We also invested the time upfront in developing training content that was published on our company&rsquo;s intranet site. &nbsp;This enabled our end users to self-serve and easily access information regarding the new tool. &nbsp;</div> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/third-party-risk-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Third Party Risk Management</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/governance" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Governance</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/compliance" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Compliance</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/future-of-sourcing-awards" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Future of Sourcing Awards</a></div></div></div><div class="field field-name-field-addthis field-type-addthis field-label-hidden"><div class="field-items"><div class="field-item even"><div class="addthis_toolbox addthis_default_style " addthis:title="Innovations in Governance &amp;amp; Compliance: E*TRADE Financial Corporation - Future of Sourcing" addthis:url="https://futureofsourcing.com/innovations-in-governance-compliance-etrade-financial-corporation"><a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_linkedin"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_facebook"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_twitter"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_googleplus"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_pinterest_share"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_reddit"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_email"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_print"></a> </div> </div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Sat, 21 Sep 2019 01:47:12 +0000 Future of Sourcing Awards 1614 at https://futureofsourcing.com https://futureofsourcing.com/innovations-in-governance-compliance-etrade-financial-corporation#comments Rising Star Interview: Ruchi Aswal https://futureofsourcing.com/rising-star-interview-ruchi-aswal <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://futureofsourcing.com/sites/default/files/articles/Ruchi%20Aswal_FOS%20Individual%20Award_Interview.png"><a href="https://futureofsourcing.com/sites/default/files/articles/Ruchi%20Aswal_FOS%20Individual%20Award_Interview.png" title="Rising Star Interview: Ruchi Aswal" class="colorbox" rel="gallery-node-1583-LJNQREIsKlA"><img typeof="foaf:Image" src="https://futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/Ruchi%20Aswal_FOS%20Individual%20Award_Interview.png?itok=teaPu1Z8" width="624" height="325" alt="" title="" /></a></div></div></div><div class="field field-name-field-intro field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"> <p>This October, the&nbsp;<a href="https://futureofsourcingawards.com/?__hstc=215510152.344406f4865c40604cf6029be7e958e0.1543422516683.1569246162533.1569255891714.593&amp;__hssc=215510152.1.1569255891714&amp;__hsfp=3079266627" target="_blank">Future of Sourcing Awards</a>&nbsp;will celebrate individuals newer to the industry whose thought leadership and expertise have shown promise that is likely to have a lasting impact on the industry. Below, read about Rising Star Finalist Ruchi Aswal who&nbsp;<span data-contrast="none" style="clear:none;" xml:lang="EN-US">leads customer engagement and product management for SAP Ariba Supplier Risk solutions that assess, monitor and mitigate supplier risks throughout the sourcing and procurement processes.</span></p> </div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <div> <h3><em>How did you get into this field &ndash; was it purposeful or by accident?</em></h3> </div> <div>It was by accident. &nbsp;&nbsp;</div> <div>&nbsp;</div> <div>I studied engineering and entered the industry as a Quality Assurance (QA) engineer. I worked as an engineer for a couple of year before I realized I wanted to be more directly involved in solving user problems and overall product development and delivery. I decided to transition from my role as a QA engineer for the sourcing and contract management solutions to a product manager role for supplier risk solutions. Four years later, I now lead the product management team for Supplier Risk and Sustainability solutions. &nbsp;</div> <div>&nbsp;</div> <div> <h3><em>In what ways do you hope to influence or transform the industry?</em></h3> </div> <div>We recently built a third-party risk management system that introduces a risk control framework to identify, assess and mitigate risk in trading partner engagements. We still have some work to do there, but I can already see how it&rsquo;s bringing a transformational change in our customers&rsquo; risk practices and more transparency across categories and departments. &nbsp;</div> <div>&nbsp;</div> <div>The other area where I hope to transform the industry is sustainable procurement. I would like to build solutions that bring social and environment sustainability to the core of procurement. &nbsp;</div> <div>&nbsp;</div> <div> <h3><em>Who are the mentors or role models who have guided you in your career?</em></h3> </div> <div>Padmini Ranganathan has been my mentor for some years now and has helped me navigate my professional journey. She is a visionary and has helped me realize what I am capable of achieving regardless of the challenges. &nbsp;</div> <div>&nbsp;</div> <div> <h3><em>Looking ahead, what trends do you think will emerge in the sourcing and procurement space?</em></h3> </div> <div>I see two important trends emerging: sustainable procurement and intelligent spend management.</div> <div>&nbsp;</div> <div><strong>A. Sustainable procurement</strong></div> <div>&nbsp;</div> <div>Earlier this year SAP Ariba conducted a multi-country consumer study with Reputation Institute (of the global 100) covering 10,000 consumers:&nbsp;</div> <div>&nbsp;</div> <ul> <li>On average, 53% of millennials would be willing to pay more for brands that build more visibility into their purchasing practices.</li> <li>In emerging markets, 80% of consumers would be willing to pay a premium for products from an industry that actively works to reduce its environmental footprint. &nbsp;</li> <li>52% of consumers (and 67% of millennials) prefer buying from companies that are open and transparent in their operations. &nbsp;</li> </ul> <p>This and other studies like it demonstrate that being sustainable can be profitable in long run. We already see the shift happening. &nbsp;</p> <p>At SAP Ariba, we are working with several partners who have valuable data that once embedded into a procurement system can help procurement professionals make better, more informed decisions. &nbsp;</p> <div><strong>B. Intelligent Spend Management&nbsp;&nbsp;</strong></div> <div>&nbsp;</div> <div>Intelligent spend management is about managing all categories of spend from a single platform, automating repetitive processes and infusing the process with intelligence that delivers actionable insights.&nbsp;</div> <div>&nbsp;</div> <div> <h3><em>What is something you wish more people knew about the sourcing and procurement industry?</em></h3> </div> <div>We know consumers vote with their dollars and increasingly people are making more socially conscious purchase decisions. But even before consumers make those decisions, it&rsquo;s the sourcing and procurement professionals who decide on who, where, what, how to buy the materials that go into the products consumers buy. To effect real and sustainable change, start with the sourcing and procurement industry. While cost cutting may be what these professional are most well-known for, understand that these professionals are making decisions every day that impact people and the planet. &nbsp;</div> <div>&nbsp;</div> <div> <h3><em>What advice do you have for those who are considering a career in sourcing or procurement?</em></h3> </div> <div>I would suggest networking with like-minded people and finding the opportunities that excite you. Say yes often and bring your passion to every project &ndash; no matter how small it may seem. &nbsp;</div> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/supplier-risk" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Supplier Risk</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/supplier-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Supplier Management</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/future-of-sourcing-awards" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Future of Sourcing Awards</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/sustainability" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Sustainability</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/third-party-risk-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Third Party Risk Management</a></div></div></div><div class="field field-name-field-addthis field-type-addthis field-label-hidden"><div class="field-items"><div class="field-item even"><div class="addthis_toolbox addthis_default_style " addthis:title="Rising Star Interview: Ruchi Aswal - Future of Sourcing" addthis:url="https://futureofsourcing.com/rising-star-interview-ruchi-aswal"><a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_linkedin"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_facebook"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_twitter"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_googleplus"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_pinterest_share"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_reddit"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_email"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_print"></a> </div> </div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Wed, 21 Aug 2019 16:29:55 +0000 Ruchi Aswal 1583 at https://futureofsourcing.com https://futureofsourcing.com/rising-star-interview-ruchi-aswal#comments Innovations in Third Party Management: Bank of Canada & Ontala https://futureofsourcing.com/innovations-in-third-party-management-bank-of-canada-ontala <div class="field field-name-field-image field-type-image field-label-hidden"><div class="field-items"><div class="field-item even" rel="og:image rdfs:seeAlso" resource="https://futureofsourcing.com/sites/default/files/articles/FOS%20Header%20Image_Innovations%20in%20Third%20Party%20Managemnent.png"><a href="https://futureofsourcing.com/sites/default/files/articles/FOS%20Header%20Image_Innovations%20in%20Third%20Party%20Managemnent.png" title="Innovations in Third Party Management: Bank of Canada &amp; Ontala" class="colorbox" rel="gallery-node-1571-LJNQREIsKlA"><img typeof="foaf:Image" src="https://futureofsourcing.com/sites/default/files/styles/juicebox_medium/public/articles/FOS%20Header%20Image_Innovations%20in%20Third%20Party%20Managemnent.png?itok=9Jf1Gkkc" width="624" height="325" alt="Innovations in Third Party Management: Bank of Canada &amp; Ontala" title="" /></a></div></div></div><div class="field field-name-field-intro field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"> <p>This October, the <a href="https://futureofsourcingawards.com" target="_blank">Future of Sourcing Awards</a> will celebrate organizations and individuals that have shown innovation, leadership and transformation in categories that are critical to the sourcing industry. Interviews with the finalists provide helpful insight about their projects, the problem they sought to solve and the impact to their organizations. Below, read about how Bank of Canada worked with Ontala to design and implement an innovative third party management system.</p> </div></div></div><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"> <div> <h3><em>Can you outline why your team embarked on this project and the problem that needed to be solved?</em></h3> </div> <div>Aligned with the Bank&rsquo;s vision for being a leading Central Bank, the Bank had an objective to design and implement the Next Generation of its Third Party Risk Management Program informed by best practices and adapted to meet the needs of a central bank.</div> <div>&nbsp;</div> <div> <h3><em>How were things done originally and what was the inspiration to innovate the process?</em></h3> </div> <div>While there were many good practices in third party risk management across the organization, there was an opportunity to improve the consistency and methodology, more clearly define roles and responsibilities, and increase integration and efficiency, thereby enhancing the overall effectiveness of third party risk management practices.&nbsp;</div> <div>&nbsp;</div> <div> <h3><em>What KPIs did you use to measure success for this project? (For example: performance, customer satisfaction, revenue, sales or relevant financial gains?)</em></h3> </div> <div> <div>The project had three overall measures of success that were articulated by the working group</div> <ul> <li>Improved process (clarity of process, consistency and objectivity)</li> <li>Integrated tools (repeatable process and tools that support lifecycle management)</li> <li>Stronger risk management (risk-based approach, and role clarity)</li> </ul> </div> <div> <h3><em>How you plan to ensure that the new model remains relevant and adapts to the future needs of the market?</em></h3> </div> <div>We will learn forward from stakeholder feedback and risk events that affect the bank and others. We will also ensure regular reviews and continued benchmarking with like organizations.</div> <div>&nbsp;</div> <div> <h3><em>What advice do you have for those who may want to implement this innovative approach in their own organizations?</em></h3> </div> <div>The key to success for this project was engagement of all key stakeholders &ndash; starting with the engagement of executive management to be pro-actively involved in decision-making. A working group consisting of both first and second line stakeholders ensured that the design of the program and tools met their needs and objectives.&nbsp;</div> <div>&nbsp;</div> <div> <h3><em>How did your team assess the risks/potential for your third party management strategy?</em></h3> </div> <div>The combination of experience and expertise, an &ldquo;ask&rdquo; versus &ldquo;tell&rdquo; approach and integration of existing best practices minimized the project risk and delivered a solution that is tailored to the needs of each stakeholder group in a Central Bank.&nbsp;</div> </div></div></div><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/tags/risk" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Risk</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/third-party-risk-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Third Party Risk Management</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/lifecycle-management" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Lifecycle Management</a></div><div class="field-item odd" rel="dc:subject"><a href="/tags/tools" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Tools</a></div><div class="field-item even" rel="dc:subject"><a href="/tags/future-of-sourcing-awards" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Future of Sourcing Awards</a></div></div></div><div class="field field-name-field-addthis field-type-addthis field-label-hidden"><div class="field-items"><div class="field-item even"><div class="addthis_toolbox addthis_default_style " addthis:title="Innovations in Third Party Management: Bank of Canada &amp;amp; Ontala - Future of Sourcing" addthis:url="https://futureofsourcing.com/innovations-in-third-party-management-bank-of-canada-ontala"><a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_linkedin"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_facebook"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_twitter"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_googleplus"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_pinterest_share"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_reddit"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_email"></a> <a href="https://www.addthis.com/bookmark.php?v=300" class="addthis_button_print"></a> </div> </div></div></div><div class="field field-name-field-region field-type-taxonomy-term-reference field-label-inline clearfix"><div class="field-label">Region:&nbsp;</div><div class="field-items"><div class="field-item even"><a href="/regions/global" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">Global</a></div></div></div> Sun, 04 Aug 2019 23:29:30 +0000 Future of Sourcing Awards 1571 at https://futureofsourcing.com https://futureofsourcing.com/innovations-in-third-party-management-bank-of-canada-ontala#comments