Schalk_vdMerwe_100.jpgIn order to optimise vendor ecosystems, companies consider various types of vendor-related information to determine which vendors are best suited to their supply chains. Companies, typically, limit this to information that is directly linked to quality, performance and price KPIs.

“However, an often-neglected, yet very important, element in the optimisation ‘equation’ is vendor company risk”, says Schalk van der Merwe, Executive Head: Supply Chain Governance at data powered risk solutions provider Inoxico, in this month’s SmartProcurement.

Incorporating data on a vendor company’s state of compliance as well as their sustainability and integrity as an external entity provides critical insight into the fundamentals of said company. The aforementioned can affect a vendor’s capability to provide services optimally, or could encompass the likelihood of it damaging the business’ brand through corruption or incompetence.

To include the above into the assessment of vendor suitability, the necessary vendor company data needs to be collected, verified and analysed at various stages in the vendor engagement lifecycle. This requires two important components:
1. The ability to receive and maintain the relevant vendor data at various stages of the engagement lifecycle in the most pro-active manner possible.
2. A source of vendor data, vendor data verification and, importantly, vendor data analysis.

Insourcing or outsourcing?
The second component immediately raises the question of insourcing versus outsourcing vendor data analysis.

Many companies, primarily for cost-saving reasons, choose to start by sourcing basic vendor data via in-house processes. In South Africa, this would, typically, include assigning someone the responsibility of heading-up efforts to source Companies and Intellectual Property Commission (CIPC) and B-BBEE data as part of the vendor application (i.e. on-boarding) process as well as on a continual basis after the vendor has been on-boarded. Most companies are quite successful at doing so – even though they are building non-core processes into their procurement function.

If a business keeps to these two (or to only a few) data elements alone, it is probably the most feasible way to go about managing this aspect of vendor selection/rationalisation.

The outsourcing option becomes more feasible when companies choose to expand their view of vendor data and, consequently, vendor risk – which is not a bad idea on the African continent and a must from a corporate governance perspective.

Database management
If a company chooses to expand the data that they source, verify and maintain on their vendors, they, typically, look at information that speaks to probity and sustainability risks (what comes to mind here is information that provides insight into political exposure, adverse media coverage, financial issues and customer references). Considering that companies would want this information at the vendor on-boarding stage (or earlier), and would monitor such for the entire vendor engagement lifecycle, the function of managing this process becomes much more complex.

The function now requires expertise in database management, document management as well as data interpretation and analysis, and would, potentially, need a specialist call centre and access to various databases or tools (this information hardly ever sits with just one source).

Maintaining such an infrastructure successfully, while providing assurance around data quality, requires years of experience in sourcing and managing commercial data as well as specialised technology and data infrastructure. There is also the question around streamlining this service to business, which is an interface to the relevant processes that require vendor information.

In light of the above, companies are deciding that vendor data management should be left to specialist commercial data sourcing and management providers. Companies coming to this conclusion, typically, have forward-thinking governance and compliance approaches, a high exposure to African markets and sizeable vendor ecosystems.

What then remains is to consider how vendor data will be interpreted within the context of the vendor risk management approach of a specific company.

Some companies already have a very good idea of how to digest the data: data points indicate certain types of risk and where their thresholds lie. But many procurement officers, and even risk-related personnel, are new to the concept of vendor risk in Africa. The good news here is that there is a suite of specialised service providers emerging in this field that can assist with setting up frameworks, analytics and workflows for those that want to shorten their learning curve.

The view on vendors and vendor risk is being expanded to look beyond pure SLA delivery and pricing. Especially in Africa, the task of sourcing, maintaining and interpreting the necessary data for these assessments at scale is not trivial. Fortunately, there are service providers emerging that can help companies excel in Africa whilst allowing them to focus on excellence in their core business.

For more information on managing risk through data-powered solutions, please visit Inoxico at You can email Schalk van der Merwe at