A 2010 McKinsey case study on purchasing organisations found that Absa Group Sourcing (AGS) leads the industry average (3.1 vs. 2.5), while excelling in category purchasing processes, where it achieved a higher rank than 80% of the organisations in its industry and well beyond the banking industry average.
AGS has delivered sustainable, annualised savings equal to 6% of its cost base year-on-year since 2006. Antony Barker, Head of Ethics, Risk and Governance at AGS, gave delegates at SmartProcurement World an insight into risk management’s role in achieving those savings.
Supplier risk management is a key focus area that has protected Absa from financial loss and it commences with the start of the sourcing process, said Barker.
AGS maintains that the way in which an organisation selects, targets, manages and develops suppliers is recognised as a critical lever to overall corporate success.
Quantified risk management information aids in decision-making such as determining whether or not something is within the business’ risk appetite for the likes of monitoring/managing a supplier or adding/removing/modifying controls.
He noted that risk and controls assessment throughout the sourcing process helps develop a robust contract that includes specific supplier risk-related performance and controls terms and conditions.
To manage risk, you must first understand risk…
Segment
AGS manages Absa’s suppliers according to the nature of their services and the risk each presents to the Group.
Some areas of control where financial organisations are most at risk include data privacy, IT security, physical security and sustainability, said Barker.
Therefore, a segmentation tool must cater for multiple dimensions, including spend value, reputation and financial risk, business impact and service criticality. AGS used a threshold of R1-million spend a year to reduce the segmentation volume.
Assess
You need to measure the level of control in a supplier’s operation. An organisation’s control environment is only as strong as the weakest area, said Barker.
Self assessment or an invasive audit can highlight gaps in a control environment.
Using subject matter experts to define the self assessment questionnaires will ensure an effective assessment, he noted.
Remediate
The assessment may highlight areas of the supplier’s service that need to be improvement.
Your options are to agree to remediation plans with the supplier, delegate or accept the risks (in which their lies a cost implication), noted Barker.
Assure
Think of assurance as on-going due diligence.
“It is a periodic activity required to confirm that a supplier can continue to deliver services to us throughout the duration of the contract,” he explained.
It involves assessing the design and operation of key controls performed by the supplier.
“The level of assurance required is determined by segmentation and risk; it is applied at the service level and focuses on key operational controls – not commercial,” he noted, adding that the supplier manager takes the lead in planning and facilitating assurance.
…and realise that it’s an ongoing process
Risk management is a platform for collaboration between buyer and supplier and, when done effectively, is a key to realising procurement benefits for the organisation.
