Screening Suppliers: What we can learn from the TSA

As the recent events in Boston remind us, there are a few groups and individuals who for various reasons choose to use violence to terrorize innocent citizens. In the aftermath of September 11, the US Department of Homeland Security (DHS) was created to bring together Federal resources to assess and mitigate threats on American soil.

One of the most visible component agencies of the DHS is the Transportation Security Agency (TSA), an agency employing 55,000 staff members primarily tasked with providing aviation security and protecting the millions of individuals who fly annually.
 

While we have not experienced another event like September 11 since the TSA was created, critics have often contended that early on in its history the TSA was reactive rather than proactive in developing security screening policies and did not clearly communicate requirements to flyers. Additionally, TSA screening practices are still seen by many to be a blunt instrument - treating the elderly and young children as threats appears to be misguided to most Americans.

 

The result was a great deal of frustration for everyone involved. Flyers felt that TSA policies were arbitrary and/or arbitrarily enforced and disproportionate to the risk. And the agents charged with implementing TSA policies struggled with morale.

 

The TSA was constituted very quickly in response to a very tragic and painful terrorist attack and Americans expected a great deal of the agency. Its challenges are staggering – involving 10 million flights a year. As with any complex organization facing enormous challenges, it has taken time for TSA processes, people, policy and information systems to mature.

 
Corporations with a large number of suppliers face similar challenges. Each supplier represents potential risk to the business, including financial risk because it may fail and disrupt the supply chain, or reputational risk resulting from corporate malfeasance which could land the firm with the wrong kind of headlines in The Wall Street Journal. While it is tempting to want to create a policy that eliminates all risks represented by suppliers, this approach is not cost-effective and it also is counter-productive because it prevents managers from achieving and benefiting from supply chain management efficiencies.
 
While those of us in the private sector aren’t accustomed to looking to government for management best practices, we must recognize that the TSA has begun to develop and implement policies and practices that can effectively identify bad actors and mitigate risk, while also providing a better experience for the millions of flyers and reducing manpower requirements and costs.
 
There are two principles which apply equally to screening flyers and suppliers, and we can learn from the TSA how best to screen suppliers:

Risk-Based Assessments and Proportionate Response

The most sophisticated traveler screening operation on the planet is that of Israel. Unlike the early TSA system which focused on physical threat identification, Israel primarily relies on information about the individual fliers and their history to assess likely risks. The TSA has made several changes in its policy over the last few years to incorporate this risk-based strategy in its screening.
 
For example, the TSA worked with the US Customs Bureau to support a trusted traveler program called Global Entry that requires frequent flyers to undergo a background screening and interview. If accepted to the program, those travelers can then take advantage of an expedited airport screening process, much shorter lines and easier x-ray procedures. They won’t even have to take off their shoes!
 
This trusted traveler program, consequently, frees up screening staff to not only to minimize the time consumed by the screening process itself but also to focus their attention on real threats through a Pre-Check program. This Pre-Check program relies on a solid database of up-to-date background information on flyers and leverages this information and statistics to predict risks and respond accordingly.
 
“TSA Pre-Check moves us closer to our goal of delivering the most effective and efficient screening by recognizing that most passengers do not pose a threat to security,” explained TSA Administrator John Pistole in an interview regarding the new screening program.
 
While there is much opportunity for improvement, the TSA continues to focus on leveraging information and technology to improve security and private sector firms must likewise explore many new resources available to identify and mitigate supplier risk.
 

Similarly corporations should risk segment all current and potential suppliers using information-based assessments and then focus management attention on the small percentage of those suppliers that represent greater risk to the firm.  Similarly to the TSA approach, key to the success of the corporate risk mitigation program will be a reliance on both supplier-provided and trusted 3rd party information to assess risk and provide additional screening and due diligence options, proportionate to the risk involved. For more information on applying supplier screening information and analytics, click here to view our recent webcast “Mitigating Supply Chain Risk without increasing your Budget”

Co-Managing Supplier Risk, Part 1 - The Challenges of Managing Vendor Risks

 This article series is excerpted from a research report “Co-Managing Supplier Risk: Lowering Risks and Cost-of-Managing Simultaneously” which can be downloaded here.

Managing the risks imposed by suppliers and third party service providers has become increasingly difficult and expensive. At the same time, the risks imposed by these relationships keep on getting larger and more costly. Yet procurement and risk personnel are expected to do more with less. In part one of this series we diagnose the problem. We look at how the trend towards outsourcing, combined with ever-greater regulatory burdens, has made managing supplier and third-party risk increasingly important, difficult, and expensive. We will also examine why the traditional approach to prioritizing supplier management resources falls short when it comes to managing risks. And how decentralized procurement exacerbates the problem. In part two, we will look at a new approach: How segmenting risk tasks and having a third party co-manage the tactical risk tasks can reduce costs and risks simultaneously.

Outsourcing and Compliance: Supplier Risk’s One-Two Punch

The Outsourced Enterprise—What is Your Exposure?

Over the last few decades, more and more functions that used to be done internally are now done by third parties. This includes everything from IT to customer service, payroll, logistics, quality, manufacturing, HR, facilities management, security, sales, marketing, R&D, legal, accounting, sourcing and procurement—you name it. If someone else can do it better, faster, and cheaper, then it is a candidate for outsourcing. But along with the explosion of outsourced services, risk has increased for many corporations, as visibility and control have decreased.

 

Figure 1 - Migration to the Outsourced Virtual Enterprise Creates Advantages and Risks

 

Suppliers and service providers exist to serve the enterprise, but they may also cause harm to the enterprise. This can happen in many different ways: A manufacturer’s representative or third party sales agent takes a bribe, exposing your company to huge FCPA¹ fines (some have been in the hundreds of millions of dollars). A supplier engages in fraud or theft.² You entrust a trading partner with valuable intellectual property and they inadvertently share it, sell it to a competitor, or use it to make competing or counterfeit product.³ One of your trading partners who has trusted access to your systems is hacked, and subsequently your systems end up infiltrated.⁴ An uninsured contractor has an accident on your premises and sues your company for millions. The list of real-life incidents is practically endless.

The Juggernaut of Regulatory Compliance

Regulatory compliance presents yet more challenges in supplier management. If we step back and look at the broad arc of history, the regulatory and legal responsibilities and compliance requirements imposed on corporations have grown dramatically more far reaching over time (see Figure 2 below). Driven by public outrage over events ranging from Upton Sinclair’s The Jungle, to bribery scandals of the 1970s, to the Enron scandal, to the subprime mortgage crisis, lawmakers feel compelled to make sure “this will never happen again.” To ensure that businesses behave responsibly, legislators create new regulations such as the Meat Inspection Act, the Pure Food and Drug Act, the Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), Dodd-Frank,⁵ Food Safety Modernization Act (FSMA), Consumer Financial Protection Bureau (CFPB) rulings, and countless others.

In the EU, where public awareness and concern over environmental issues are more pronounced, they have ETS, WEEE, RoHS, and REACH,⁶ and new regulations on the way, all of which keep getting more comprehensive. In spite of protests from business lobbyists, there is little indication of reversals in these trends towards greater scope and strictness of regulation over time.

 

Regulatory Compliance Requires Managing Your Third Party Suppliers and Vendors

Many of these regulations impose or imply requirements to manage suppliers and trading partners. For example, FCPA compliance extends to any agents acting on your behalf. In fact most FCPA prosecutions have involved third party intermediaries⁷ (see Figure 3). Many of CFPB’s rules also make financial service companies liable for the actions of agents acting on their behalf.⁸ Sarbanes-Oxley requires due diligence in selecting, controlling, reporting, and managing suppliers and the risks they present.⁹

Figure 3 - Percent of FCPA Prosecutions Involving Third Party Intermediaries

 

On top of this, there are numerous lists of parties that you either cannot do business with, or that have specific restrictions on how you can do business with them. This includes the US Denied Persons List, Debarred List, Entity List, Specially Designated Nationals List, Nonproliferation Sanctions notifications, World Bank List of Debarred Parties, and dozens more worldwide.

 

To make matters worse, newer regulations are almost always open to interpretation, the details of which often get resolved through litigation or further legislation. Keeping up with all of this is a Sisyphean burden for businesses. It seems that just when companies get systems and policies working to comply with one set of regulations or restriction lists, a whole new set comes along.

The Quandary of Mid/Lower-Tier Supplier Management

Current Supplier Segmentation Strategies Don’t Work Well for Risk Management

The Chief Procurement Officer’s number one priority will always be reduction in spend. In addition, today, they are expected to reduce a tremendous variety of risks associated with suppliers and vendors, making sure the organization is in compliance. Often the CPO is asked to do all that while simultaneously reducing purchasing headcount and/or budget. In order to use their limited procurement resources wisely, most companies segment their suppliers, so they can manage them with the appropriate amount of diligence and effort expended, focusing their precious resources on those suppliers that are most important to the organization. Typically a company uses three (sometimes four) segments: A Suppliers (Critical/Strategic), B Suppliers (Core/Tactical), and C Suppliers (Commodity/Transactional).¹⁰

 

Segmentation strategies based on the size of avings opportunities may work well for focusing resources on the largest spend reduction opportunities, but are not ideal for identifying and managing the largest risks. Some companies address this by adding ‘criticality’ as a segmentation criterion, to ensure that any supplier that is sole sourced, hard to replace, and critical to the running of the enterprise is considered an A supplier. This helps to address some disruption or continuity risks, but misses many other types of potential significant damages that can be caused by suppliers or vendors, including tier B or C suppliers, such as non-compliance with regulations, theft, litigation, and reputational risks. You may have a quite small contract with an easily replaced local office cleaning service, but one of their employees could steal very valuable intellectual property or gain access to critical corporate networks, resulting in immense damages. Or you may have hired a sales agent, also considered non-critical or non-strategic, but if they end up offering a bribe to obtain business on your behalf, enormous payments for an FCPA violation could result. In short, there are many types of risks posed by tier B and C suppliers, in addition to the A suppliers. These risks must also be diligently managed.

 

The challenge is the sheer volume of B and C suppliers, multiplied by the large number of risk-related documents and data that need to be collected and refreshed regularly. A major corporation typically has tens of thousands, or even hundreds of thousands of suppliers, many requiring several to dozens of documents, surveys, certificates, and so forth that need to be collected, verified, organized, and refreshed annually or more often. Companies are faced with either spending too much time and effort to manage the risks or just accepting the risk and damages incurred—neither is a great choice.

Decentralized Procurement Challenges

The challenge of managing the vast numbers of B and C suppliers is compounded when procurement decisions are made locally, as is often the case, especially for site-specific or geography-specific services. Risk considerations are often given short shrift in local procurement decisions, even when explicit corporate policies are in place mandating specific due diligence procedures. Too often local entrenched relationships (the ‘good old boys’ network and “we’ve always used them”) rule the day.

 

Local service providers can be a good choice for many types of service. But decentralized decision-making can make it challenging to ensure that the right questions are asked, and proper expertise and certifications are validated before granting access to your facilities, employees, and potentially to restricted areas of your company.

 

In Part 2 of this series, we will take a look at the case for co-managing vendor risk with a third party. A full copy of the report from which this series is excerpted can be downloaded here.

For more information on supplier screening, risk and compliance software, vendor credentialing or supplier verification visit http://www.cvmsolutions.com/supplierscreening.

________________________________________________________________________

¹ Foreign Corrupt Practices Act -- Return to article text above
² In 2011, there was over $6B of supplier theft in the retail industry alone according to The Centre for Retail Research, Global Retail Theft Barometer 2011 -- Return to article text above
³ Worldwide IP theft causes over half a trillion dollars in losses annually. The value of counterfeit goods is projected to exceed $1.7 trillion or 2% of global GDP by 2015. (Sources: IP loss estimate from Word Customs Organization, cited by A.I. Feldman in “U.S. Firms Paying High Price for Global IP Theft”. Counterfeit goods estimate from The International Chamber of Commerce, cited by CNN Money in “Counterfeit goods becoming more dangerous”) -- Return to article text above
⁴ Global cybercrime costs over $1 trillion, according to research projections by McAfee Associates. -- Return to article text above
⁵ In some of these large sweeping bills, unrelated regulations are often thrown into the mix. For example, the “Dodd–Frank Wall Street Reform and Consumer Protection Act,” while primarily a financial regulation, also includes additional regulations on disclosure of conflict minerals by manufacturers, mine safety reporting, restrictions on IMF loan approvals, and reporting on payments for oil, gas, and mineral licenses. -- Return to article text above
⁶ ETS = European Union Emissions Trading Scheme, WEEE = Waste Electrical and Electronic Equipment Directive, RoHS = Restriction of Hazardous Substances Directive, and REACH = Registration, Evaluation, Authorization and Restriction of Chemical -- Return to article text above
⁷ Many of these FCPA violations also involve internal personnel, in addition to an external third party intermediary. -- Return to article text above
⁸ For example, the CFPB compliance guide for international fund transfers states in section IV. (§ 1005.35) “You are liable for any violation of the rule by an agent or authorized delegate when that party acts on your behalf.” -- Return to article text above
⁹ Other legislation—such as FSMA, the Lacey Act and EUTR (illegal logging regulations), California SB 1307 (pharmaceutical e-pedigree), and the conflict minerals rule within Dodd Frank—require knowledge of who the exact source of materials is, traceability, and/or visibility/control over the materials used by suppliers. -- Return to article text above
¹⁰ Typical definitions might be that: A Suppliers are critical, deeply embedded, difficult to replace, can’t run your firm without them. (These may be 5% or less of all suppliers.) B Suppliers are important to running your firm, somewhat less embedded, but still not so easy to switch. (Typically 15%-30% of your suppliers.) C Suppliers provide fungible products/services that can be easily switched, comprising 60%-80% of suppliers. -- Return to article text above

 

http://www.clresearch.com/research/detail.cfm?guid=23C8753B-3048-79ED-9925-BDD1A17283D9

¹¹ Typical search terms: vendor credentialing, vendor background, third party credentialing, third party background, supplier credentialing, supplier background, third party risk management, supplier risk and compliance, third party compliance software, procurement, procurement risk, supplier risk mitigation, procurement risk mitigation, third party compliance, third party compliance software, procurement risk strategies, supplier risk mitigation, third party segmentation, vendor segmentation, third party risk assessment, supplier screening, vendor screening, third party screening, global regulatory compliance, vendor risk management, supplier compliance, FCPA, FCPA Compliance, supplier verification, vendor management software, supplier management software, third party software

Supplier Diversity Program Best Practices Whitepaper

A CVM Solutions’ Guide to Successful Tier 1 Supplier Diversity Programs

A well-established supplier diversity Tier 1 Program focuses on four critical supplier diversity best practices steps for program success:

1. Outlining the importance of establishing an accurate baseline for supplier diversity management and supplier diversity metrics 
2. Describing the who’s and why’s of supplier benchmarking and supplier diversity goal setting
3. Identifying leverage opportunities and proven diverse suppliers to build a tier one program 
4. Focusing on creating efficiencies for your supplier diversity team in collaborating with suppliers while partnering with procurement as diversity best practices

To download the complimentary, complete CVM whitepaper, click here.




**Relevant Keywords: supplier diversity program, supplier diversity, supplier benchmarking, supplier diversity initiative, what is supplier diversity, supplier diversity metrics, diversity supplier data, supplier diversity benchmarking, supplier diversity management, CVM, supplier data enrichment, diversity best practices, diversity benchmarking, diversity spend, CVM Solutions, supplier diversity best practices, tier 1 program, CVM diversity, tier one program

Mitigating Enterprise-wide Risk with Rigorous Supplier Screening

Today’s managers need better business insight to identify high-risk suppliers and mitigate supplier risk. Before they enter into any business relationship, they must learn as much as possible about the supplier company through a rigorous screening process involving proven verification and validation methodologies.

Shortcomings in supplier screening can result in serious risks and liabilities in a wide range of industries, including real estate, telecommunications, energy and financial services. When a company’s pre-qualification process is inconsistently applied across the enterprise, or not applied at all, the potential exists for both financial and operational risks, including insurance lapses, a lack of required licenses and lapses in safety performance.

Supplier Screening Consistency Ensures Enterprise-wide Compliance

For example, a multi-family real estate company needed to address the risks and liabilities caused by inconsistent and fragmented supplier risk assessment processes across 170 properties because each property did its own supplier screening. It addressed this challenge by implementing an automated supplier screening or vendor screening solution, with annual follow up, to track suppliers through the validation process to ensure they complied with insurance, licensing and other requirements, and that executive background checks for smaller vendors were properly conducted.

Critical Document Tracking Minimizes Potential Liabilities

A rigorous process also is required to track critical documents required by contract, such as certificates of insurance and contractor license expiration dates. A breakdown in the supplier screening process, consequently, can result in the potential liabilities caused by sub-standard work, as well as in the higher operational costs required to on-board service supplier replacements.

For example, a giant telecommunications company was challenged to screen for supplier insurance certificates and provide financial assessments and validate insurance certificates against the requirements of individual contracts. To meet this challenge, it implemented a database for suppliers, insurance certificates, background screens and the financial assessments required by supplier contracts.

More Effective Screening Requires Supplier Segmentation

All suppliers represent potential risk, but they do not pose equal risks. An effective vendor screening program enables managers to assess the risks inherent in the services provided, as well as the characteristics and history of the firm and its principals and employees. The challenge is not just to verify compliance with laws and regulations but also to segment suppliers based on the level of risk they pose. Best practices ensure that risks are strategically assessed and mitigated consistently across the business.

A leading U.S. energy company, for example, has four divisions – fossil fuels, nuclear, transmission & distribution and corporate – that involve very different levels of supplier risk. These range from very high risk nuclear power generation services to lower risk power line maintenance tasks. The company’s number one challenge is two-fold: to reduce various levels of risk and improve safety across all of its operations. To help its division managers and safety managers to minimize the time and effort required to manually check OSHA and other requirements, for example, CVM centralized and standardized its screening processes, and – as an added benefit – also assisted in the management of its supplier diversity program. As a result, this company achieved the best supplier safety record ever in 2012, increased diversity spend and data accuracy, and enjoyed a reduction in cost exceeding $1 million per year.

Segmented Screening Can Lighten the Burden of Increasing Regulation

The impact of OSHA on the energy industry described above is just one example of how regulations of all sorts continue to proliferate and put a heavier legal and financial burden on companies in many industries today. Other examples include the Foreign Corrupt Practices Act that applies to the business practices of global enterprises and, in the financial services industry, the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, along with the Consumer Financial Protection Bureau established by Dodd-Frank to enforce federal consumer financial protection laws.

The 40-year-old Foreign Corrupt Practices Act, for example, has seen a dramatic increase in DOJ and SEC enforcement actions over the past decade. Failure to comply with FCPA regulations has led to fines reaching hundreds of millions of dollars and even jail time served by senior executives. Global firms increasingly rely on suppliers and other 3rd parties, such as agents, consultants and partners, to reduce costs, increase scale and provide more flexibility. Best practices supplier screening helps mitigate the risk posed by these 3rd parties.

Supplier screening is a critical tool for ensuring compliance with the growing number of regulations and regulatory agencies at all levels – local, state, federal and international. Effective screening helps companies to ensure compliance with a wide variety of regulations by helping them to verify compliance and assess their suppliers based on the level of risk involved and their own risk mitigation criteria.

Effective Supplier Screening Helps Mitigate Risk and Avoid Liabilities

To mitigate supplier risks and avoid liabilities, better business insight can be gleaned from reliable, up-to-date data in a number of critical areas, ranging from simple business verification to executive criminal background checks, business financial health assessments, contingent workforce background checks and global due diligence investigations. 

For more information on mitigating supplier risk through supplier screening, join CVM Solutions on April 16, 2013 at 2pm EDT for an educational webcast: Mitigating Supplier Risk Without Budget. Click here to register for this webinar


http://go.cvmsolutions.com/SupplierRiskManagementWebinarhttp://go.cvmsolutions.com/SupplierRiskManagementWebinar

The Other CPO Compliance Mandate: FCPA

Traditionally the word compliance in procurement addresses metrics such as spend under management and minimizing maverick purchases across the company to get the most out of negotiated agreements.
 
While this compliance is as important as ever in reducing costs, today’s CPO and procurement team play a critical role in their organization’s broader enterprise compliance and risk management framework, primarily because procurement represents the supply chain which can materially impact the business, as mentioned in our previous blog: No Supplier is too big to fail. 

In recent years, chief executives have been faced with an increased number of compliance and regulatory burdens including the enforcement of anti-corruption compliances - a global business area quickly gaining headlines. Amongst the many anti-bribery and corruption laws multi-nationals must comply with are:

• Foreign Corrupt Practices Act (U.S.)
• UK Bribery Act (UK)
• Corruption of Foreign Public Officials Act (Canada)
• Prevention of Corruption Act (India)

The FCPA is a forty-year-old US law which has seen a dramatic increase in DOJ and SEC enforcement actions over the past decade. Failure to comply with FCPA regulations have led to fines reaching hundreds of millions of dollars and even jail time served by senior executives.  

Global firms increasingly rely on suppliers and other 3rd parties (agents, consultants, partners, etc.) to reduce costs, increase scale and provide more flexibility, however 3rd parties bring a unique risk as well.

Deloitte calls 3rd parties the Achilles Heel of FCPA compliance, noting that enforcement actions by the DOJ and SEC involving 3rd parties increased from 42% of those filed in 2005 to 100% of those filed in 2011. 

CVM Solutions’ sister company – Kroll Advisory – supports its clients’ global anti-corruption compliance initiative with a proven solution comprised of system design, prevention and remediation.  In its work with multinational procurement leaders, CVM Solutions is seeing a surge of compliance initiatives recognizing procurement’s role in FCPA 3rd party compliance.
 

Email, Excel and Paper, Oh My!

Last year Kroll Advisory surveyed 139 compliance executives at multi-national companies around anti-bribery and corruption risks and compliance initiatives in place at their respective firms. The resulting study results were published in the 2012 FCPA Benchmarking Report.
Compliance respondents indicated that the greatest challenge they face is anticipating regulator’s next moves. Among the other findings in the report:

• 50% of respondents expect an increased bribery risk exposure in the future
• 3rd Party represents the domain with the greatest exposure to the business

However, despite the risk represented by 3rd parties, the majority of firms lack a technology platform to automate compliance, relying instead on paper documents, email, Excel, etc.

Kroll’s FCPA offering addresses 3rd Party with a proven framework including four components:

• Risk segmentation
• Sanctions & regulatory checks
• Purpose-built technology platform
• Global due diligence

For more insight into the intersection between compliance and 3rd parties, download the report here  and  reach out to your CVM Solutions (cvm@cvmsolutions.com) or Kroll Advisory Representative directly for more information.

Supplier Diversity Best Practices Webcast: Tracking Program Performance Using Traditional and Non-Traditional Metrics

Best Practices Webcast

Thursday, February 14
@ 2:00 p.m. EST

Register Now

Successful program leaders know that supplier diversity program tracking, metrics and reporting must be an ongoing, dynamic process. Discover guiding principles for reporting and non-traditional metrics that can effectively demonstrate the importance of the diversity program to the rest of the organization.

During this exclusive webcast featuring guest speaker James Sturgis, who served as the Director of Supplier Diversity at Ahold, we'll discuss how to effectively track supplier diversity program performance to measure it's success.

Join us for this complimentary event on Thursday, February 14 at 2 p.m. EST to learn how you can elevate your diversity program by refining your performance measurement process and metrics.


Register Now

Guest Speaker:
 

James Sturgis
Experienced Supplier Diversity Director

No Supplier Is Too Big To Fail

During the Great Recession economic experts focused attention on banks that were deemed “too big to fail” - their role was judged too critical to the health of the overall US economy. The US government responded with bail-outs and the Dodd-Frank legislation, designed to bridge the economy towards a more sustainable position and reduce risks associated with a few important firms.

Today we know there is no such thing as a company “too big to fail.” Globalization, the European sovereign debt crisis, climate change and even pirates can disrupt your supply chain and threaten your ability to reliably meet the needs of your customers- and when this happens you won’t be able to count on the government to bail you out.

Although risk management has traditionally been considered a responsibility of the finance department, the nature of global supply chains and the attendant risks are causing this to change dramatically. Today procurement leaders balance cost and risk management in their sourcing and supply management strategies and they’re seeking a wide range of data points to validate their decisions.

Supplier Business Failure

The US Census Bureau Economic Census reports that there are 28 million US businesses. According to the US Small Business Administration approximately 600,000-800,000 business “deaths” occur each year, as a result 50% of all start ups fail before their fifth birthday.

The recession has caused a business credit crunch, forcing many businesses to operate on razor thin reserves. Supplier dependency can also be a factor, your relationship with your supplier could be the only thing keeping a supplier up and running. Gaining visibility into your supplier’s financial health is key to minimizing supplier risk.

Factors obscuring visibility to supplier’s financial health:

1. There is no requirement in the US for privately held firms to file financial statements – and nearly all US-based businesses as privately held.
2. Without proper training one can easily draw false conclusions by relying on financial ratios - few procurement professionals have extensive training in financial analysis.
3. Suppliers are reluctant to sharing financial statements, fearing that customers will use their financial position against them in negotiations, or recognize that the firm is struggling and go with another firm.

Supply risk management strategies must take into account the disruption that a supplier represents. A risk assessment would assert that a promotional products company represents limited risk as there are many sources of supply and the switching cost is low, while a specialized direct materials supplier warrants a deeper review.

Also it’s important to recognize that performing a supplier screen during the supplier qualification process is necessary but insufficient, ongoing monitoring is also important for suppliers which represent higher risk.

Assessing Supplier Failure Risk
A tiered approach accounts for the risk associated with the commodity or service being provided as well as the inherent risk of the supplier in question. A simple snapshot view is appropriate for determining whether further due diligence is required.

Firms which fall into higher risk segments should undergo a financial health assessment. As part of this process the procurement team can leverage technology to gather multiple years of audited financial statements from the supplier and have financial analysts review for the purpose of assessing failure risk and whether the firm has adequate capital.

CVM Solutions offers an initial risk assessment weighted against the client’s requirements, technology and financial analysis. This can be client-paid or supplier-paid model. In its role as an unbiased 3rd party CVM reports various financial metrics such as Altman-Z in an effort to determine whether the supplier meets the client’s risk threshold and also provides commentary to guide the client as to any unusual or one-time factors. CVM can also provide financial benchmarking, providing value to both suppliers and clients.

CVM customers experience several benefits:

1. The client can ensure that a consistent, risk-weighted process is being applied to all suppliers and that supplier-provided information is verified against public and proprietary sources of business information
2. Suppliers often prefer to provide financial statement detail to a 3rd party and CVM does not disclose financial statements to the client, only a final summary report
3. The client can leverage a proven solution without a capital or headcount investment

ChainLink Research reports that firms often under-invest in supply risk management and provides recommendations on identifying and mitigating supply risk. Click here to watch a tutorial from Bill McBeath, Senior Research Analyst with ChainLink Research as he reviews the importance of managing supplier risk and compliance as a critical competency for organizations.