The SIG Webinar will begin shortly. Once the webinar begins, the sound will come from your computer speakers. In the meantime, please take a look at the upcoming SIG networking events listed on the right side of your screen and plan to join us if you are in one of these cities this fall. NETWORKING EVENTS GLOBAL SUMMITS Oct 27-29 – Huntington Beach SYMPOSIUMS Nov 10 – San Francisco Bay Area REGIONAL ROUNDTABLES Nov 5 – Raleigh, NC For more information and to register for all SIG events: www.sig.org
SAP Streamwork Collaborative Decision Making, SAP ...sig.org/docs2/SIG Ariba 10222015 Webinar.pdf · will come from your computer speakers. In the meantime, please take a look at
RECENT POSTINGS
The SIG Career Network is bursting with opportunities. New jobs are posted daily by some of the best known global companies in the world for those seeking careers in sourcing, outsourcing, procurement and related functions.
For more information go to: www.sig.org/career-center.php
Agenda
• Need for Supplier Risk Management and Why is it Challenging
• Addressing Supplier Risk with Ariba Solutions
• Best Practices in Supplier Risk Management – Deloitte
• Solution Demo
• Q&A
Deloitte Consulting LLP
October 2015
Supplier Risk Management
Supply chains are continuously exposed to a multitude of risks, emanating from within and outside of their value chains
Supply Chain Risk Framework
Note: Though not depicted above in order to maintain simplicity, risks are often highly inter-related with impacts spanning across functions internal to the company and externally within the extended value chain.
• Macro environment risks: Have potential effects across the entire supply chain (Economic, Geopolitical, Hazards, Regulatory)
• Functional risks: Exist among enabling functions that support supply chain processes (Finance, Human Resources, Legal, Information Technology)
• Extended value chain risks: Originate in upstream and downstream supply chain partners
• Operational risks: Relate to internal process risks (Develop, Plan, Source, Make, Deliver/Return)
Other labels in the framework figure: Tier N, Tier 1, Supply, Demand, Distributors, 3rd Party Services, End Users, Environmental/Social Responsibility, Security, Infrastructure / Resources
A Supplier Risk Management program should effectively monitor and manage all key third party relationships across an organization
Corporate Functions: Sales, Finance, Operations, IT, HR, Procurement, Logistics, Marketing
Buy Side Partners and Other Third Parties: Direct Materials Suppliers, Indirect Suppliers, Tier N Suppliers, Contract Manufacturers, Outsourced Service Providers, “Agents”, Alliance Partners
Supplier Risk Management Program
• Provide central visibility to business relationships
• Measure, monitor and manage relationships risk, performance, and compliance
• Manage relationships proactively vs. reactively
• Deepen and improve key relationships
• Improve top and bottom line performance
A key first step in building a capability to manage supplier relationships is to define the type of risks you want to measure, monitor and manage
Supplier Risk Domains
• Compliance Risk: Vendor actions are inconsistent with legal, regulatory, or policy requirements
• Strategic Risk: Vendor is not aligned to organization’s strategic objectives
• Financial Risk: Vendor cannot meet contractual obligations due to financial difficulties
• Transaction / Operational Risk: Vendor is unable to deliver products / services appropriately
• Credit Risk: Vendor is unable to make payments it is obligated to
• Contractual Risk: Service / product provided by the vendor is incompletely defined in the contract
• Reputation Risk: Vendor’s issues affect company brand
• Geo-political Risk: Country-specific factors (e.g., government, climate) affect vendor performance
• Info Security Risk: Vendor is able to access information outside of defined business requirements
• Business Continuity Risk: Vendor is unable to continue providing products / services
A repeatable, scalable process is required to efficiently and effectively identify, monitor and manage supplier risk
Supplier Risk Management Processes
Objectives and Outputs
1. Assess Inherent Risk: Evaluate engagement based on agreed-upon risk criteria, including identification of risk areas present, materiality, and IR rating
2. Identify Risk Mitigants: Determine risk mitigants (contract or operational controls) to apply based on inherent risk and engagement type
3. Assign Residual Risk Rating: Review effectiveness of risk mitigants and determine residual risk rating, which drives ongoing monitoring
4. Ongoing Testing and Monitoring: Evaluate and monitor the effectiveness of risk mitigants and update residual risk rating if needed
Process phases shown in the figure: Due Diligence and Strategic Sourcing; Supplier Negotiations and Contracting; Supplier Onboarding and Management
Since risk may not be tied to criticality or spend, risk profiling and tiering is used to identify high risk suppliers up front and focus risk mitigation efforts on them
Supplier Risk Profiling and Tiering
Identify highest risk suppliers among the broader population
Define specific risks and level of risk to understand risk exposure and mitigation strategies
Table columns: Vendor Segment; Definition; Appropriate Number of Vendors; Pre-Selection Risk Management Activities; Post-Vendor and Ongoing Management Activities
High Risk Vendor (10-15%)
• Definition: Approved vendor that may cause: Significant financial loss (e.g., >$1M); Long-term / irreparable reputational damage; ….
• Appropriate Number of Vendors: Top 50 vendors by spend; 10% of highest-risk vendors
• Pre-Selection Risk Management Activities: Vendor Risk Assessment; Business Continuity Review; Financial Stability Review; SSAE 16 Review
• Post-Vendor and Ongoing Management Activities: Completion of all required risk assessments; Specific contractual language; ….
Medium Risk Vendor (20-25%)
• Definition: Approved vendor that may cause: Moderate financial loss (e.g., $100K - $1M); Temporary reputational damage; ….
• Appropriate Number of Vendors: Next 20% of highest-risk vendors
• Pre-Selection and Post-Vendor / Ongoing Activities: Vendor Risk Assessment; Completion of necessary risk assessments; Vendor self Assessments or SSAE 16; ….
Low Risk Vendor (55-65%)
• Definition: Approved vendor that may cause: Insignificant financial loss (e.g., <$100K); Little to no reputational damage; ….
• Appropriate Number of Vendors: 70% of lowest-risk vendors
• Pre-Selection and Post-Vendor / Ongoing Activities: Annual rating review; Trigger event monitoring; Ongoing Risk Management
What
How
Why
Assess each supplier against a pre-defined set of questions to understand the inherent risk
Determine residual risk through additional due diligence
Focus on highest risk suppliers by bucketing suppliers into risk ‘tiers’
Determine level of ongoing monitoring and management to reduce risk
A robust SRM program is based on adoption of key governance building blocks supported by enabling technology and data
• A formal strategy defining the SRM role within the enterprise risk management function exists for a single view of supplier risk across the organization
• Well defined roles and responsibilities exist to develop an optimized organizational structure to manage the supplier assessment lifecycle, including termination activities
• Policies, procedures and guidelines defining risk assessment methodology and activities, risk tolerance levels and integration points with other supplier and risk management functions exist to ensure consistency and quality in program activities
• Coordinated communication channel exists to inform stakeholders of SRM and the business value of the program
• Programs to educate stakeholders of responsibilities at all stages of the supplier management lifecycle
• Formal processes exist to assess the effectiveness of the EBRM program against program requirements and organizational requirements
• Metrics and reporting requirements exist for risk assessment activities and program operational components to ensure data quality and accuracy and audience specific reporting.
• Tools and technology drive groups to use common risk management processes, which enhances the effectiveness and efficiency of the program.
Building blocks shown in the figure: Strategy; Organization; Communications, Training and Awareness; Technology and Tools; Metrics and Reporting; Procedures; Guidelines; Policies; Audit & Compliance; Supplier Assessment; Program Assessment
Layers shown in the figure: Govern; Manage; Operate
A SRM solution must fit within the broader source-to-pay technology landscape, with integrations to contract lifecycle management, procure-to-pay and other systems
Source to Contract Modules
eSourcing
• Opportunity identification and assessment
• Virtual project workroom
• eRFX: RFI, RFQ, RFP
• On-line negotiations
• Reverse and forward auctions
• Online collaborative scoring
Contract Management
• Centralized contract repository
• Automated monitoring for contract expiration
• Automated contract authoring with approval workflow
• Contract controls enabled in standard templates
Procure to Pay Modules
eProcurement
• Electronic catalogs and transactional contracts
• Requisition and Purchase Order approval routing
• Real time transaction status
• Electronic receipt
Invoicing
• Electronic invoices / payments
• Manual invoice scanning capabilities
• Approval and query resolution workflow
• Online supplier queries
• Electronic archiving
Connecting labels in the figure: Line Item Pricing and Terms; Contractual pricing, terms and conditions; Approved PO’s, electronic invoices
Spend Analysis & Reporting
• Sourcing opportunity identification
• Sourcing process reporting
• Real-time contract usage
• Contract compliance reporting
• Spend tracking and management reporting
• Purchasing behavior insight
• Tax compliance, spend information
Supplier Management (Onboarding and Risk, Performance and Data Management)