Prior to the pandemic, the procurement profession could have benefitted from little brand management. Purchasing professionals in more than a few companies had a reputation for obsessing over price to the exclusion of all other factors. Colleagues rolled their eyes at procurement’s strict sourcing requirements and lengthy vendor onboarding processes. Vendors complained about getting hammered on price and payment terms.
In many organizations, however, that stereotype lingered longer than it deserved to.
These types of procurement perceptions, and misperceptions, are important for third party risk management (TPRM) professionals to recognize when they arise. That’s because the efficacy and ease of their own work depends, in part, on their relationship with procurement colleagues. So, it’s worth a quick look at where procurement is coming from and, more important, where the profession is (rapidly) heading. This context should help third party risk experts cultivate a more constructive, mutually beneficial with their purchasing peers.
“In third party risk circles, successful partnerships are not just about cultivating outsourced relationships, but internal relationships as well,” says Santa Fe Group and Shared Assessments Vice President and Chief Information Security Officer Tom Garrubba. “Business units can’t work in silos anymore and there needs to be a symbiotic relationship between third party management and the procurement team.”
Long before COVID-19 struck, many procurement groups were putting their sourcing strategies under the microscope, conducting analyses of major spend categories, and developing new key performance indicators (KPIs) to improve supplier performance management activities. Leading procurement functions were making even bigger changes, primarily by implementing advanced supporting software – modules within ERP systems or standalone applications – to improve the efficiency and ease of requisitioning, order-processing and other transactions processes. Highly advanced procurement teams were plunging into digital transformation by implementing cutting-edge capabilities, such as e-sourcing and e-invoicing, and trying out next-generation procurement solutions featuring data visualization and robotic process automation (RPA) functionality.
When the pandemic arrived, it turbo-charged those digital transformation efforts but also thrust procurement teams (and their accounts payable partners) in hard-hit industries back into a “cash-is-king” mindset. Deloitte 2020’s Chief Procurement Officer Flash Survey was conducted in mid-2020 when the COVID-tinged economic outlook remained highly uncertain. It showed cost management – which in many companies was receiving eight times more daily attention compared to other procurement concerns — as the chief procurement officers’ top 2020 priority.
While economic conditions have improved dramatically since the survey was taken, the results should remind TPRM professionals that procurement activities are a crucial cost-management lever during difficult times.
TPRM teams should also consider the following procurement priorities, trends and challenges when striving to enhance their colleagues third party risk management awareness:
- Supplier represent a core procurement responsibility: Broad-brush depictions of procurement teams as cost-obsessed obscures the fact that supplier risk is a core procurement responsibility, along with supplier performance management. TPRM teams can help their procurement counterparts perform this objective as well as the related requirement of managing supplier performance. Deeper insights about third party risks can yield insights on how to improve that performance.
- Procurement is going digital: “Digital labor aided by robotic process automation (RPA), machine learning and cognitive technologies is helping bring about automation and other technology based enhancements in the procurement function,” a KPMG report notes. “Digital procurement is enabling a progressive digitization of labor through automation of existing mundane processes and opening the door to new levels of performance at every stage of the procurement process.” While this transformation sounds sleek, executing it requires loads of work. TPRM professionals should keep in mind that these digital transformation initiatives typically address numerous procurement activities, including contract management, strategic sourcing, category management, supplier management and more. Procurement processes may be disrupted during the implementation of new supporting technologies, which could temporarily hinder procurement’s supplier risk management activities.
- KPIs are key: Procurement teams keep tabs on a range of metrics –those that gauge costs (e.g., cost per invoice, cost per purchase order, etc.), purchasing volumes, spend patterns, vendor availability and much more. TPRM groups that are knowledgeable of these KPIs have a better read on procurement challenges as well as an opportunity to recommend the use of new measures related to third party risk.
The key to a healthy procurement-TPRM relationships is finding common ground. “By working in concert,” Garrubba adds, “you can drive value to the organization by weeding out prospects with poor cyber hygiene, thus enabling a quicker assessment turnaround time for vendors that evidence a mature cyber and privacy hygiene.”